Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe

Overview

General Information

Sample name:SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe
Analysis ID:1406161
MD5:f24a4d5b6036a3de2eba88868bd771f2
SHA1:3048d822d2b80d66284d1446052da0ba2be27d9e
SHA256:2c2f38b6679224281d1f9a0bee4ac5db26f845e0d0eb74c0caa2d994411ee7e2
Tags:exe
Infos:

Detection

PureLog Stealer, XWorm
Score:92
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected BrowserPasswordDump
Yara detected PureLog Stealer
Yara detected XWorm
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
Adds extensions / path to Windows Defender exclusion list
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Connects to many ports of the same IP (likely port scanning)
Creates multiple autostart registry keys
Found strings related to Crypto-Mining
Injects a PE file into a foreign processes
Machine Learning detection for sample
Protects its processes via BreakOnTermination flag
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses schtasks.exe or at.exe to add and modify task schedules
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to shutdown / reboot the system
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Queries disk information (often used to detect virtual machines)
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: AspNetCompiler Execution
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Powershell Defender Exclusion
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious Schtasks From Env Var Folder
Stores files to the Windows start menu directory
Stores large binary data to the registry
Tries to load missing DLLs
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe (PID: 6508 cmdline: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe MD5: F24A4D5B6036A3DE2EBA88868BD771F2)
    • cmd.exe (PID: 6708 cmdline: "C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\ MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 6732 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 6880 cmdline: powershell set-mppreference -exclusionpath C:\ MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
    • Botmaster 5.8 direct.exe (PID: 5684 cmdline: "C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe" MD5: C9C01FDC7D3AD84CEEB43C6B099A8AD5)
      • BotMaster.exe (PID: 3736 cmdline: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe MD5: 895F3A548FD8FA6FD1355AF6D218DA2C)
        • msedgewebview2.exe (PID: 6924 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=3736.6896.865895741088582256 MD5: 9909D978B39FB7369F511D8506C17CA0)
          • msedgewebview2.exe (PID: 6072 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x160,0x164,0x168,0x15c,0x170,0x7ffdfb318e88,0x7ffdfb318e98,0x7ffdfb318ea8 MD5: 9909D978B39FB7369F511D8506C17CA0)
          • msedgewebview2.exe (PID: 3588 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1760 --field-trial-handle=1788,i,16355195492384305926,16374920603742595723,262144 --enable-features=MojoIpcz /prefetch:2 MD5: 9909D978B39FB7369F511D8506C17CA0)
          • msedgewebview2.exe (PID: 3344 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2212 --field-trial-handle=1788,i,16355195492384305926,16374920603742595723,262144 --enable-features=MojoIpcz /prefetch:3 MD5: 9909D978B39FB7369F511D8506C17CA0)
          • msedgewebview2.exe (PID: 2112 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2452 --field-trial-handle=1788,i,16355195492384305926,16374920603742595723,262144 --enable-features=MojoIpcz /prefetch:8 MD5: 9909D978B39FB7369F511D8506C17CA0)
          • msedgewebview2.exe (PID: 1404 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1710081883373791 --launch-time-ticks=6381239210 --mojo-platform-channel-handle=3372 --field-trial-handle=1788,i,16355195492384305926,16374920603742595723,262144 --enable-features=MojoIpcz /prefetch:1 MD5: 9909D978B39FB7369F511D8506C17CA0)
        • msedgewebview2.exe (PID: 4628 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=3736.6896.16963202530693688502 MD5: 9909D978B39FB7369F511D8506C17CA0)
          • msedgewebview2.exe (PID: 2816 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x164,0x168,0x16c,0x13c,0x1a4,0x7ffdfb318e88,0x7ffdfb318e98,0x7ffdfb318ea8 MD5: 9909D978B39FB7369F511D8506C17CA0)
          • msedgewebview2.exe (PID: 6828 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1780 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=MojoIpcz /prefetch:2 MD5: 9909D978B39FB7369F511D8506C17CA0)
          • msedgewebview2.exe (PID: 5724 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2376 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=MojoIpcz /prefetch:3 MD5: 9909D978B39FB7369F511D8506C17CA0)
          • msedgewebview2.exe (PID: 7036 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2628 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=MojoIpcz /prefetch:8 MD5: 9909D978B39FB7369F511D8506C17CA0)
          • msedgewebview2.exe (PID: 1308 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1710081883367231 --launch-time-ticks=6395273895 --mojo-platform-channel-handle=3444 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=MojoIpcz /prefetch:1 MD5: 9909D978B39FB7369F511D8506C17CA0)
          • msedgewebview2.exe (PID: 6032 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1710081883367231 --launch-time-ticks=6395660630 --mojo-platform-channel-handle=3580 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=MojoIpcz /prefetch:1 MD5: 9909D978B39FB7369F511D8506C17CA0)
          • msedgewebview2.exe (PID: 4544 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --disable-gpu-compositing --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1710081883367231 --launch-time-ticks=6396649396 --mojo-platform-channel-handle=3976 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=MojoIpcz /prefetch:1 MD5: 9909D978B39FB7369F511D8506C17CA0)
        • msedgewebview2.exe (PID: 1396 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=3736.6896.10684777464287357477 MD5: 9909D978B39FB7369F511D8506C17CA0)
          • msedgewebview2.exe (PID: 404 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x160,0x164,0x168,0x13c,0x1a0,0x7ffdfb318e88,0x7ffdfb318e98,0x7ffdfb318ea8 MD5: 9909D978B39FB7369F511D8506C17CA0)
    • aspnet_compiler.exe (PID: 7112 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe MD5: FDA8C8F2A4E100AFB14C13DFCBCAB2D2)
    • aspnet_compiler.exe (PID: 6276 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe MD5: FDA8C8F2A4E100AFB14C13DFCBCAB2D2)
    • aspnet_compiler.exe (PID: 5928 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe MD5: FDA8C8F2A4E100AFB14C13DFCBCAB2D2)
      • schtasks.exe (PID: 2416 cmdline: C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "XClient" /tr "C:\Users\user\AppData\Roaming\XClient.exe MD5: 48C2FE20575769DE916F48EF0676A965)
        • conhost.exe (PID: 2896 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • XClient.exe (PID: 7040 cmdline: C:\Users\user\AppData\Roaming\XClient.exe MD5: FDA8C8F2A4E100AFB14C13DFCBCAB2D2)
    • conhost.exe (PID: 5436 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • WinUpdate.exe (PID: 7036 cmdline: "C:\Users\user\AppData\Local\WinUpdate.exe" MD5: F24A4D5B6036A3DE2EBA88868BD771F2)
    • cmd.exe (PID: 6916 cmdline: "C:\Windows\SysWOW64\cmd.exe" /k START "" "C:\Users\user\AppData\Local\WinUpdate.exe" & EXIT MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 4856 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WinUpdate.exe (PID: 4416 cmdline: "C:\Users\user\AppData\Local\WinUpdate.exe" MD5: F24A4D5B6036A3DE2EBA88868BD771F2)
        • cmd.exe (PID: 6708 cmdline: "C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\ MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 1448 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 4812 cmdline: powershell set-mppreference -exclusionpath C:\ MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
  • XClient.exe (PID: 1836 cmdline: "C:\Users\user\AppData\Roaming\XClient.exe" MD5: FDA8C8F2A4E100AFB14C13DFCBCAB2D2)
    • conhost.exe (PID: 2028 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • svchost.exe (PID: 7068 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • XClient.exe (PID: 2336 cmdline: C:\Users\user\AppData\Roaming\XClient.exe MD5: FDA8C8F2A4E100AFB14C13DFCBCAB2D2)
    • conhost.exe (PID: 3228 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • WinUpdate.exe (PID: 5268 cmdline: "C:\Users\user\AppData\Local\WinUpdate.exe" MD5: F24A4D5B6036A3DE2EBA88868BD771F2)
  • XClient.exe (PID: 6184 cmdline: "C:\Users\user\AppData\Roaming\XClient.exe" MD5: FDA8C8F2A4E100AFB14C13DFCBCAB2D2)
    • conhost.exe (PID: 6240 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
XWormMalware with wide range of capabilities ranging from RAT to ransomware.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.xworm

Malware Configuration

Threatname: Xworm

{"C2 url": ["title-formula.at.ply.gg"], "Port": "15762", "Aes key": "<123456789>", "Install file": "USB.exe", "Version": "XWorm V5.0"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000027.00000002.2375843757.0000000003B26000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
    00000010.00000002.2198821760.0000000003091000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
      00000010.00000002.2198821760.00000000032CB000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
        00000015.00000002.2561460834.0000000002A32000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
          00000027.00000002.2375843757.0000000003B2E000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
            Click to see the 26 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            11.2.aspnet_compiler.exe.400000.0.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
              21.2.WinUpdate.exe.4984df8.1.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
                21.2.WinUpdate.exe.4984df8.1.raw.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
                  11.2.aspnet_compiler.exe.7450000.2.raw.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                    11.2.aspnet_compiler.exe.7450000.2.raw.unpackJoeSecurity_BrowserPasswordDump_1Yara detected BrowserPasswordDumpJoe Security
                      Click to see the 12 entries

                      Sigma Signatures

                      System Summary

                      barindex
                      Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
                      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\, CommandLine: "C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, ParentProcessId: 6508, ParentProcessName: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\, ProcessId: 6708, ProcessName: cmd.exe
                      Sigma detected: AspNetCompiler Execution
                      Source: Process startedAuthor: frack113: Data: Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, CommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, ParentCommandLine: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, ParentProcessId: 6508, ParentProcessName: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, ProcessCommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, ProcessId: 7112, ProcessName: aspnet_compiler.exe
                      Sigma detected: CurrentVersion Autorun Keys Modification
                      Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\WinUpdate.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, ProcessId: 6508, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinUpdate
                      Sigma detected: Powershell Defender Exclusion
                      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\, CommandLine: "C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, ParentProcessId: 6508, ParentProcessName: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\, ProcessId: 6708, ProcessName: cmd.exe
                      Sigma detected: Startup Folder File Write
                      Source: File createdAuthor: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, ProcessId: 5928, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk
                      Sigma detected: Suspicious Schtasks From Env Var Folder
                      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "XClient" /tr "C:\Users\user\AppData\Roaming\XClient.exe, CommandLine: C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "XClient" /tr "C:\Users\user\AppData\Roaming\XClient.exe, CommandLine|base64offset|contains: j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, ParentImage: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, ParentProcessId: 5928, ParentProcessName: aspnet_compiler.exe, ProcessCommandLine: C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "XClient" /tr "C:\Users\user\AppData\Roaming\XClient.exe, ProcessId: 2416, ProcessName: schtasks.exe
                      Sigma detected: Non Interactive PowerShell Process Spawned
                      Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell set-mppreference -exclusionpath C:\, CommandLine: powershell set-mppreference -exclusionpath C:\, CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 6708, ParentProcessName: cmd.exe, ProcessCommandLine: powershell set-mppreference -exclusionpath C:\, ProcessId: 6880, ProcessName: powershell.exe
                      Sigma detected: Windows Processes Suspicious Parent Directory
                      Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 7068, ProcessName: svchost.exe

                      Snort Signatures

                      Timestamp:03/10/24-17:32:22.814457
                      SID:2852923
                      Source Port:49734
                      Destination Port:15762
                      Protocol:TCP
                      Classtype:A Network Trojan was detected
                      Timestamp:03/10/24-17:32:24.712981
                      SID:2852874
                      Source Port:15762
                      Destination Port:49734
                      Protocol:TCP
                      Classtype:A Network Trojan was detected
                      Timestamp:03/10/24-17:30:45.329887
                      SID:2853192
                      Source Port:49734
                      Destination Port:15762
                      Protocol:TCP
                      Classtype:A Network Trojan was detected
                      Timestamp:03/10/24-17:32:24.712981
                      SID:2852870
                      Source Port:15762
                      Destination Port:49734
                      Protocol:TCP
                      Classtype:A Network Trojan was detected
                      Timestamp:03/10/24-17:32:06.998086
                      SID:2855924
                      Source Port:49734
                      Destination Port:15762
                      Protocol:TCP
                      Classtype:A Network Trojan was detected

                      Joe Sandbox Signatures

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection

                      barindex
                      Antivirus / Scanner detection for submitted sample
                      Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeAvira: detected
                      Antivirus detection for URL or domain
                      Source: https://discovery.lenovo.com.cn/home062291Avira URL Cloud: Label: phishing
                      Found malware configuration
                      Source: 0000000B.00000002.3028502871.0000000002851000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: Xworm {"C2 url": ["title-formula.at.ply.gg"], "Port": "15762", "Aes key": "<123456789>", "Install file": "USB.exe", "Version": "XWorm V5.0"}
                      Multi AV Scanner detection for submitted file
                      Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeVirustotal: Detection: 60%Perma Link
                      Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeReversingLabs: Detection: 51%
                      Machine Learning detection for sample
                      Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeJoe Sandbox ML: detected

                      Bitcoin Miner

                      barindex
                      Found strings related to Crypto-Mining
                      Source: msedgewebview2.exe, 00000021.00000002.2568027395.00006CE000988000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: jsecoin.com
                      Source: msedgewebview2.exe, 00000021.00000002.2568223318.00006CE0009A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: "coinhive.com
                      Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                      Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: D:\a\_work\1\s\third_party\edge_webview2\win\webview2_api_writer\dotNetAPIWrapper\Microsoft.Web.WebView2.Core\bin\ReleasePackage\Microsoft.Web.WebView2.Core.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2213632227.00000000039D1000.00000004.00000020.00020000.00000000.sdmp, BotMaster.exe, BotMaster.exe, 0000001C.00000002.3108448743.0000000006792000.00000002.00000001.01000000.00000010.sdmp
                      Source: Binary string: BotMaster.pdbPK source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, 00000000.00000002.2075054867.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000015.00000002.2561460834.0000000002E2D000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: D:\a\_work\1\s\third_party\edge_webview2\win\wpf_control\Microsoft.Web.WebView2.Wpf\obj\release\net45\Microsoft.Web.WebView2.Wpf.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2214403955.00000000039D6000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\a\_work\1\s\third_party\edge_webview2\win\wpf_control\Microsoft.Web.WebView2.Wpf\obj\release\net45\Microsoft.Web.WebView2.Wpf.pdba source: Botmaster 5.8 direct.exe, 00000008.00000003.2214403955.00000000039D6000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\karim\Downloads\BotMaster5.8\Botmaster\obj\Debug\BotMaster.pdb source: BotMaster.exe, 0000001C.00000000.2278490909.0000000001106000.00000002.00000001.01000000.0000000D.sdmp
                      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2214996468.00000000039D1000.00000004.00000020.00020000.00000000.sdmp, BotMaster.exe, BotMaster.exe, 0000001C.00000002.3149221153.000000000D242000.00000002.00000001.01000000.0000001D.sdmp
                      Source: Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netfx\System.Memory.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2217080965.00000000039D1000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: /_/artifacts/obj/System.Text.Json/net461-Release/System.Text.Json.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2218616192.00000000039D1000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: am Files (x86)\Bot Master\Bot Master\BotMaster.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2207584896.00000000021AA000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.pdb0 source: BotMaster.exe, 0000001C.00000002.2999023178.0000000001713000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: DotNetZip\obj\Release\DotNetZip.pdb source: aspnet_compiler.exe, 0000000B.00000002.3095157565.0000000006020000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdbSHA256}Lq source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, 00000000.00000002.2083222845.00000000048C0000.00000004.08000000.00040000.00000000.sdmp, WinUpdate.exe, 00000010.00000002.2198821760.00000000032EA000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000010.00000002.2203478621.000000000468C000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000027.00000002.2375843757.0000000003B2E000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: /_/artifacts/obj/System.Text.Encodings.Web/net461-Release/System.Text.Encodings.Web.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2218075402.00000000039D1000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: /_/artifacts/obj/System.Text.Json/net461-Release/System.Text.Json.pdbSHA256 source: Botmaster 5.8 direct.exe, 00000008.00000003.2218616192.00000000039D1000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: aspnet_compiler.pdb source: XClient.exe, 0000000E.00000000.2134344488.0000000000922000.00000002.00000001.01000000.0000000B.sdmp
                      Source: Binary string: E:\A\_work\39\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Numerics.Vectors/net46\System.Numerics.Vectors.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2217426386.00000000039D1000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\a\_work\1\s\third_party\edge_webview2\win\winforms_control\Microsoft.Web.WebView2.WinForms\obj\release\net45\Microsoft.Web.WebView2.WinForms.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2214057399.00000000039D6000.00000004.00000020.00020000.00000000.sdmp, BotMaster.exe, BotMaster.exe, 0000001C.00000002.3105273613.0000000005C12000.00000002.00000001.01000000.0000000F.sdmp
                      Source: Binary string: protobuf-net.pdb source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, 00000000.00000002.2083222845.00000000048C0000.00000004.08000000.00040000.00000000.sdmp, WinUpdate.exe, 00000010.00000002.2198821760.00000000032EA000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000010.00000002.2203478621.000000000468C000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000027.00000002.2375843757.0000000003B2E000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: /_/artifacts/obj/System.Text.Encodings.Web/net461-Release/System.Text.Encodings.Web.pdbSHA256 source: Botmaster 5.8 direct.exe, 00000008.00000003.2218075402.00000000039D1000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2214459192.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2209648017.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2217121567.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2217693704.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2216152557.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2216738236.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2215869721.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2210729254.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2212009897.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2217459155.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2211692040.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2219513765.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2218958053.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2216410008.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2216873341.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2213945170.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2214126480.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2208278811.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2219083259.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2218331710.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2217948756.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2213425276.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2215564327.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2215056135.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2214296475.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2217263053.00000000021AA000.00000004.00
                      Source: Binary string: am Files (x86)\Bot Master\Bot Master\BotMaster.pdbmanif source: Botmaster 5.8 direct.exe, 00000008.00000003.2207584896.00000000021AA000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: WebView2Loader.dll.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2215758868.00000000039D1000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2216363532.00000000039D1000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2216041870.00000000039D1000.00000004.00000020.00020000.00000000.sdmp, BotMaster.exe, 0000001C.00000002.3165003390.000000006CBB0000.00000002.00000001.01000000.00000015.sdmp
                      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256^Y source: Botmaster 5.8 direct.exe, 00000008.00000003.2214996468.00000000039D1000.00000004.00000020.00020000.00000000.sdmp, BotMaster.exe, 0000001C.00000002.3149221153.000000000D242000.00000002.00000001.01000000.0000001D.sdmp
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_0041C085 wcsncpy,wcslen,wcscat,GetDriveTypeW,FindFirstFileW,FindClose,GetFileAttributesW,GetDriveTypeW,8_2_0041C085
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_0041C1F3 wcsncpy,wcslen,wcscat,wcscpy,FindFirstFileW,wcscmp,wcscpy,wcscat,FindFirstFileW,wcscpy,wcscat,wcscmp,wcscmp,FindNextFileW,FindClose,wcscpy,wcscat,FindFirstFileW,SetFileAttributesW,wcscpy,wcscat,wcscmp,wcscmp,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,SetFileAttributesW,RemoveDirectoryW,8_2_0041C1F3
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_6CBAA4E9 FindFirstFileExW,_free,28_2_6CBAA4E9
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile opened: C:\Users\userJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile opened: C:\Users\user\AppDataJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start MenuJump to behavior
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]28_2_0BEB5748
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]28_2_0BEB5747
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]28_2_0BEB5739
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 4x nop then mov esp, ebp28_2_0BEFFB70
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 4x nop then mov esp, ebp28_2_0BEFFAD8
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 4x nop then mov esp, ebp28_2_0BEFFAD3
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]28_2_0BF003B8
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]28_2_0BF003A8
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 4x nop then movzx eax, byte ptr [01994F54h]28_2_0BF00040
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 4x nop then movzx eax, byte ptr [01994F51h]28_2_0BF00040
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 4x nop then mov ecx, dword ptr [ebp-54h]28_2_0BF00040
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]28_2_0BF017A8
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]28_2_0BF015E0
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]28_2_0BF0159B

                      Networking

                      barindex
                      Snort IDS alert for network traffic
                      Source: TrafficSnort IDS: 2853192 ETPRO TROJAN Win32/XWorm V3 CnC Command - sendPlugin Outbound 192.168.2.4:49734 -> 209.25.140.212:15762
                      Source: TrafficSnort IDS: 2852870 ETPRO TROJAN Win32/XWorm CnC Checkin - Generic Prefix Bytes 209.25.140.212:15762 -> 192.168.2.4:49734
                      Source: TrafficSnort IDS: 2852923 ETPRO TROJAN Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) 192.168.2.4:49734 -> 209.25.140.212:15762
                      Source: TrafficSnort IDS: 2852874 ETPRO TROJAN Win32/XWorm CnC PING Command Inbound M2 209.25.140.212:15762 -> 192.168.2.4:49734
                      Source: TrafficSnort IDS: 2855924 ETPRO TROJAN Win32/XWorm V3 CnC Command - PING Outbound 192.168.2.4:49734 -> 209.25.140.212:15762
                      C2 URLs / IPs found in malware configuration
                      Source: Malware configuration extractorURLs: title-formula.at.ply.gg
                      Connects to many ports of the same IP (likely port scanning)
                      Source: global trafficTCP traffic: 209.25.140.212 ports 15762,1,2,5,6,7
                      Yara detected Generic Downloader
                      Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3c187f8.2.raw.unpack, type: UNPACKEDPE
                      Source: global trafficTCP traffic: 192.168.2.4:49734 -> 209.25.140.212:15762
                      Source: global trafficHTTP traffic detected: GET /api/v2/getwapi.ashx?key=Ju9SWyJu9WQwgnmtZo7m2meGaJg8ciMVZGByC HTTP/1.1Host: botmaster.mediaplus.meConnection: Keep-Alive
                      Source: Joe Sandbox ViewIP Address: 162.159.61.3 162.159.61.3
                      Source: Joe Sandbox ViewIP Address: 172.64.41.3 172.64.41.3
                      Source: Joe Sandbox ViewASN Name: COGECO-PEER1CA COGECO-PEER1CA
                      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: web.whatsapp.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /stylex-176c9103de3ad9ce77b1b6511982bf5d.css HTTP/1.1Host: web.whatsapp.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://web.whatsapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: POST /api/browser/edge/data/toptraffic/3 HTTP/1.1Host: data-edge.smartscreen.microsoft.comConnection: keep-aliveContent-Length: 754Accept: application/octet-stream;application/x-patch-bsdiff;Authorization: SmartScreenHash eyJhdXRoSWQiOiJjMmU0ZjljYS1lZjYwLTQyY2EtOTAyZi1mNzgwZTFmMTk2YTciLCAia2V5IjoiZVBGM3g4bUZHakJPTU9JNXhHWkQwUT09IiwgImhhc2giOiJ5V21Ib0VjdVRITT0ifQ==Content-Type: application/json; charset=utf-8If-None-Match: "170540185939602997400506234197983529371"Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, br
                      Source: global trafficHTTP traffic detected: POST /api/browser/edge/data/bloomfilter/x/3 HTTP/1.1Host: data-edge.smartscreen.microsoft.comConnection: keep-aliveContent-Length: 754Accept: application/octet-stream;application/x-patch-bsdiff;Authorization: SmartScreenHash eyJhdXRoSWQiOiJjMmU0ZjljYS1lZjYwLTQyY2EtOTAyZi1mNzgwZTFmMTk2YTciLCAia2V5IjoiZVBGM3g4bUZHakJPTU9JNXhHWkQwUT09IiwgImhhc2giOiJ5V21Ib0VjdVRITT0ifQ==Content-Type: application/json; charset=utf-8If-None-Match: "636976985063396749.rel.v2"Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, br
                      Source: global trafficHTTP traffic detected: POST /api/browser/edge/data/settings/3 HTTP/1.1Host: data-edge.smartscreen.microsoft.comConnection: keep-aliveContent-Length: 754Accept: application/octet-stream;application/x-patch-bsdiff;Authorization: SmartScreenHash eyJhdXRoSWQiOiJjMmU0ZjljYS1lZjYwLTQyY2EtOTAyZi1mNzgwZTFmMTk2YTciLCAia2V5IjoiZVBGM3g4bUZHakJPTU9JNXhHWkQwUT09IiwgImhhc2giOiJ5V21Ib0VjdVRITT0ifQ==Content-Type: application/json; charset=utf-8If-None-Match: "2.0-0"Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, br
                      Source: global trafficHTTP traffic detected: POST /wa_qpl_data HTTP/1.1Host: graph.whatsapp.netConnection: keep-aliveContent-Length: 1186sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryIdIA2DLLOnPRD8FEAccept: */*Origin: https://web.whatsapp.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://web.whatsapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /ws/chat HTTP/1.1Host: web.whatsapp.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Upgrade: websocketOrigin: https://web.whatsapp.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Sec-WebSocket-Key: CyBqXT+TEqvEfDjXYOiLfQ==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
                      Source: global trafficHTTP traffic detected: GET /ws/chat HTTP/1.1Host: web.whatsapp.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Upgrade: websocketOrigin: https://web.whatsapp.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Sec-WebSocket-Key: cHU1+tHHVTa94ohtwhrPqw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
                      Source: global trafficHTTP traffic detected: GET /ws/chat HTTP/1.1Host: web.whatsapp.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Upgrade: websocketOrigin: https://web.whatsapp.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Sec-WebSocket-Key: ZPNXETgzC0nJavj88P4KpA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: unknownTCP traffic detected without corresponding DNS query: 20.118.82.167
                      Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: web.whatsapp.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /stylex-176c9103de3ad9ce77b1b6511982bf5d.css HTTP/1.1Host: web.whatsapp.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://web.whatsapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                      Source: global trafficHTTP traffic detected: GET /ws/chat HTTP/1.1Host: web.whatsapp.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Upgrade: websocketOrigin: https://web.whatsapp.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Sec-WebSocket-Key: CyBqXT+TEqvEfDjXYOiLfQ==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
                      Source: global trafficHTTP traffic detected: GET /ws/chat HTTP/1.1Host: web.whatsapp.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Upgrade: websocketOrigin: https://web.whatsapp.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Sec-WebSocket-Key: cHU1+tHHVTa94ohtwhrPqw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
                      Source: global trafficHTTP traffic detected: GET /ws/chat HTTP/1.1Host: web.whatsapp.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Upgrade: websocketOrigin: https://web.whatsapp.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Sec-WebSocket-Key: ZPNXETgzC0nJavj88P4KpA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
                      Source: global trafficHTTP traffic detected: GET /api/v2/getwapi.ashx?key=Ju9SWyJu9WQwgnmtZo7m2meGaJg8ciMVZGByC HTTP/1.1Host: botmaster.mediaplus.meConnection: Keep-Alive
                      Source: msedgewebview2.exe, 00000028.00000003.2710559599.0000477401804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711119489.0000477402804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: !https://www.facebook.com/%s/shop/ equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 0000002D.00000002.3033374346.00002A90003D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: #et https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data ht equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 00000028.00000002.3064687880.0000477400F5C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3054347659.000047740000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3059954327.000047740078C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com equals www.youtube.com (Youtube)
                      Source: msedgewebview2.exe, 00000028.00000002.3064687880.0000477400F5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com3ytG equals www.youtube.com (Youtube)
                      Source: msedgewebview2.exe, 00000028.00000002.3059954327.000047740078C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.comS equals www.youtube.com (Youtube)
                      Source: msedgewebview2.exe, 00000028.00000003.2660310722.0000477400BB4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660644931.00004774015B4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2508741501.0000477401024000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.comc equals www.youtube.com (Youtube)
                      Source: msedgewebview2.exe, 00000028.00000003.2660310722.0000477400BB4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660644931.00004774015B4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2508741501.0000477401024000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.comc['self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net equals www.youtube.com (Youtube)
                      Source: msedgewebview2.exe, 0000002D.00000003.2657372605.00002A90003F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 00000028.00000002.3060990985.0000477400924000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.comsapp.com:0}}} equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 00000028.00000002.3056085630.00004774001D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.comur factory. equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 00000028.00000003.2660310722.0000477400BB4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660644931.00004774015B4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060513653.0000477400834000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 'self' data: blob: https://www.youtube.com/embed/ equals www.youtube.com (Youtube)
                      Source: msedgewebview2.exe, 00000028.00000002.3063551362.0000477400D6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 'self' data: blob: https://www.youtube.com/embed/q equals www.youtube.com (Youtube)
                      Source: msedgewebview2.exe, 00000028.00000002.3064133314.0000477400E88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 'self' data: blob: https://www.youtube.com/embed/tG equals www.youtube.com (Youtube)
                      Source: msedgewebview2.exe, 00000028.00000003.2660310722.0000477400BB4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660644931.00004774015B4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2508741501.0000477401024000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 'self' data: blob:g_data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net91'self' data: blob: https://www.youtube.com/embed/ equals www.youtube.com (Youtube)
                      Source: msedgewebview2.exe, 0000002D.00000002.3033374346.00002A90003D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: **.giphy.comata: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com[ equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 0000002D.00000003.2660852649.00002A9000AD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *om https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;origin-agent-cluster:?0strict-transport-security:max-age=31536000; preload; includeSubDomainsx-fb-debug:moQfMemwpM/Uliw5Uco5hv5cZ0o4w/paCFEhjhvH+olfOOG5uPG1QW9iVig/TJ3MLqxbx7nERFAlCsPpzqnzvw==content-length:399date:Sun, 10 Mar 2024 16:31:37 GMTx-fb-connection-quality:MODERATE; q=0.3, rtt=202, rtx=0, c=1619, mss=1232, tbw=3160565, tp=2608, tpl=0, uplat=1, ullat=-1alt-svc:h3=":443 equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 0000002D.00000003.2660852649.00002A9000AD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *om https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;origin-agent-cluster:?0strict-transport-security:max-age=31536000; preload; includeSubDomainsx-fb-debug:moQfMemwpM/Uliw5Uco5hv5cZ0o4w/paCFEhjhvH+olfOOG5uPG1QW9iVig/TJ3MLqxbx7nERFAlCsPpzqnzvw==content-length:399date:Sun, 10 Mar 2024 16:31:37 GMTx-fb-connection-quality:MODERATE; q=0.3, rtt=202, rtx=0, c=1619, mss=1232, tbw=3160565, tp=2608, tpl=0, uplat=1, ullat=-1alt-svc:h3=":443 equals www.youtube.com (Youtube)
                      Source: msedgewebview2.exe, 00000028.00000003.2660310722.0000477400BB4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660644931.00004774015B4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2715936945.0000477401024000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: :2https://www.facebook.com/csp/reporting/?minimize=0 equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 00000028.00000003.2710559599.0000477401804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711119489.0000477402804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: :https://www.facebook.com/policies/other-policies/ais-terms equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 00000028.00000002.3065864024.0000477401110000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ?www.facebook.com equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 00000028.00000002.3060563633.000047740084C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: @y:Accept-Encodingcontent-encoding:brcontent-type:application/javascript; charset=UTF-8reporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}content-security-policy-report-only:default-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self';script-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://static.whatsapp.net;connect-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self';frame-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullsc
                      Source: msedgewebview2.exe, 00000028.00000002.3060563633.000047740084C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: @y:Accept-Encodingcontent-encoding:brcontent-type:application/javascript; charset=UTF-8reporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}content-security-policy-report-only:default-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self';script-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://static.whatsapp.net;connect-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self';frame-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullsc
                      Source: msedgewebview2.exe, 0000002D.00000003.2648794746.00002A90003F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: C;https://www.facebook.com/browser_reporting/coep/?minimize=0C;https://www.facebook.com/browser_reporting/coop/?minimize=0@8https://www.whatsapp.com/whatsapp_browser_error_reports/@8https://www.whatsapp.com/whatsapp_browser_error_reports/ equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 0000002D.00000003.2657372605.00002A90003F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: C;https://www.facebook.com/browser_reporting/coep/?minimize=0C;https://www.facebook.com/browser_reporting/coop/?minimize=0UMhttps://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown@8https://www.whatsapp.com/whatsapp_browser_error_reports/ equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 00000028.00000003.2710559599.0000477401804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711119489.0000477402804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Ghttps://www.facebook.com/privacy/guide/genai?entry_point=whatsapp_genai equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 0000002D.00000003.2519713911.00002A9000368000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200 OKContent-Type: text/html;charset=utf-8Vary: Accept-Encoding, User-Agent, Accept-LanguageVary: Accept-Encodingreporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy: force-load-at-toppermissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy: cross-origincross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"cross-origin-opener-policy: unsafe-none;report-to="coop_report"Pragma: no-cacheCache-Control: no-cacheExpires: Sat, 01 Jan 2000 00:00:00 GMTX-Content-Type-Options: nosniffX-XSS-Protection: 0content-security-policy: frame-ancestors 'self';content-security-policy: default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.c
                      Source: msedgewebview2.exe, 0000002D.00000003.2519713911.00002A9000368000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200 OKContent-Type: text/html;charset=utf-8Vary: Accept-Encoding, User-Agent, Accept-LanguageVary: Accept-Encodingreporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy: force-load-at-toppermissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy: cross-origincross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"cross-origin-opener-policy: unsafe-none;report-to="coop_report"Pragma: no-cacheCache-Control: no-cacheExpires: Sat, 01 Jan 2000 00:00:00 GMTX-Content-Type-Options: nosniffX-XSS-Protection: 0content-security-policy: frame-ancestors 'self';content-security-policy: default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.c
                      Source: msedgewebview2.exe, 0000002D.00000003.2648794746.00002A90003F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:application/javascript; charset=UTF-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sat, 08 Mar 2025 20:29:16 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*
                      Source: msedgewebview2.exe, 0000002D.00000003.2648794746.00002A90003F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:application/javascript; charset=UTF-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sat, 08 Mar 2025 20:29:16 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*
                      Source: msedgewebview2.exe, 0000002D.00000003.2658721103.00002A90003F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:application/javascript; charset=UTF-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sat, 08 Mar 2025 20:29:16 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*
                      Source: msedgewebview2.exe, 0000002D.00000003.2658721103.00002A90003F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:application/javascript; charset=UTF-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sat, 08 Mar 2025 20:29:16 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*
                      Source: msedgewebview2.exe, 0000002D.00000003.2658486819.00002A9000B28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:application/javascript; charset=UTF-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sat, 08 Mar 2025 23:07:07 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.
                      Source: msedgewebview2.exe, 0000002D.00000003.2658486819.00002A9000B28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:application/javascript; charset=UTF-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sat, 08 Mar 2025 23:07:07 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.
                      Source: msedgewebview2.exe, 0000002D.00000003.2552468165.00002A9000118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:application/javascript; charset=UTF-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sat, 08 Mar 2025 23:36:04 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.
                      Source: msedgewebview2.exe, 0000002D.00000003.2552468165.00002A9000118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:application/javascript; charset=UTF-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sat, 08 Mar 2025 23:36:04 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.
                      Source: msedgewebview2.exe, 0000002D.00000003.2539327887.00002A90003F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:application/javascript; charset=UTF-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sat, 08 Mar 2025 23:36:04 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.
                      Source: msedgewebview2.exe, 0000002D.00000003.2539327887.00002A90003F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:application/javascript; charset=UTF-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sat, 08 Mar 2025 23:36:04 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.
                      Source: msedgewebview2.exe, 0000002D.00000003.2657372605.00002A90003F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:image/pngvary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sun, 09 Mar 2025 15:41:35 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: b
                      Source: msedgewebview2.exe, 0000002D.00000003.2657372605.00002A90003F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:image/pngvary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sun, 09 Mar 2025 15:41:35 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: b
                      Source: msedgewebview2.exe, 0000002D.00000003.2526983668.00002A90003EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sun, 09 Mar 2025 16:20:37 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.
                      Source: msedgewebview2.exe, 0000002D.00000003.2526983668.00002A90003EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sun, 09 Mar 2025 16:20:37 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.
                      Source: msedgewebview2.exe, 0000002D.00000003.2648495812.00002A9000148000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200vary:Accept-Encodingcontent-encoding:brcontent-type:application/json; charset=utf-8x-robots-tag:noindexreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:same-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:same-origin-allow-popups;report-to="coop_report"pragma:no-cachecache-control:private, no-cache, no-store, must-revalidateexpires:Sat, 01 Jan 2000 00:00:00 GMTx-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com
                      Source: msedgewebview2.exe, 0000002D.00000003.2648495812.00002A9000148000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200vary:Accept-Encodingcontent-encoding:brcontent-type:application/json; charset=utf-8x-robots-tag:noindexreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:same-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:same-origin-allow-popups;report-to="coop_report"pragma:no-cachecache-control:private, no-cache, no-store, must-revalidateexpires:Sat, 01 Jan 2000 00:00:00 GMTx-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com
                      Source: msedgewebview2.exe, 0000002D.00000002.3036326809.00002A9000514000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Qrata: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com equals www.youtube.com (Youtube)
                      Source: msedgewebview2.exe, 00000028.00000002.3056612931.000047740023C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: _data: 'ss.com https://fonts.gstatic.com https://static.whatsapp.net91'self' data: blob: https://www.youtube.com/embed/ equals www.youtube.com (Youtube)
                      Source: msedgewebview2.exe, 00000028.00000002.3058648815.00004774005A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: `ob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 00000028.00000002.3066456013.00004774015A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: `ob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com equals www.youtube.com (Youtube)
                      Source: msedgewebview2.exe, 00000028.00000002.3066456013.00004774015A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: `ob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.comet equals www.youtube.com (Youtube)
                      Source: msedgewebview2.exe, 0000002D.00000002.3036326809.00002A9000514000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ata: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com equals www.youtube.com (Youtube)
                      Source: msedgewebview2.exe, 0000002D.00000002.3036326809.00002A9000514000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ata: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com* equals www.youtube.com (Youtube)
                      Source: msedgewebview2.exe, 0000002D.00000002.3033374346.00002A90003D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ata: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 0000002D.00000002.3033374346.00002A90003D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ata: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com* equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 00000028.00000002.3056085630.00004774001D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ata: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.comGt equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 00000028.00000003.2658456533.00004774015D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: content-security-policy-report-only:default-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self';script-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://static.whatsapp.net;connect-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self';frame-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0; equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 00000028.00000003.2658456533.00004774015D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: content-security-policy-report-only:default-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self';script-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://static.whatsapp.net;connect-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self';frame-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0; equals www.youtube.com (Youtube)
                      Source: msedgewebview2.exe, 0000002D.00000003.2519713911.00002A9000368000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: content-security-policy: default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 0000002D.00000003.2519713911.00002A9000368000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: content-security-policy: default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.youtube.com (Youtube)
                      Source: msedgewebview2.exe, 0000002D.00000003.2657372605.00002A90003F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 0000002D.00000003.2657372605.00002A90003F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.youtube.com (Youtube)
                      Source: msedgewebview2.exe, 0000002D.00000003.2658927166.00002A90004F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/" equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 00000028.00000003.2660310722.0000477400BB4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660644931.00004774015B4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2715936945.0000477401024000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com:2https://www.facebook.com/csp/reporting/?minimize=0 equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 0000002D.00000003.2658721103.00002A90003F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 0000002D.00000003.2658721103.00002A90003F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.comJBdata: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 00000028.00000003.2660310722.0000477400BB4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660644931.00004774015B4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2715936945.0000477401024000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.netiadata: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://www.youtube.com/embed/ equals www.youtube.com (Youtube)
                      Source: msedgewebview2.exe, 00000028.00000003.2660310722.0000477400BB4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660644931.00004774015B4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2715936945.0000477401024000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com equals www.youtube.com (Youtube)
                      Source: msedgewebview2.exe, 00000028.00000002.3059245875.00004774006B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.comeGtk equals www.youtube.com (Youtube)
                      Source: msedgewebview2.exe, 00000028.00000003.2660310722.0000477400BB4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660644931.00004774015B4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3066316703.000047740157C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://www.youtube.com/embed/ equals www.youtube.com (Youtube)
                      Source: msedgewebview2.exe, 0000002D.00000003.2657372605.00002A90003F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 0000002D.00000003.2657372605.00002A90003F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.youtube.com (Youtube)
                      Source: msedgewebview2.exe, 00000028.00000002.3061536913.0000477400A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;Gt equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 00000028.00000002.3061536913.0000477400A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;Gt equals www.youtube.com (Youtube)
                      Source: msedgewebview2.exe, 0000002D.00000003.2658721103.00002A90003F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: default-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self';script-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://static.whatsapp.net;connect-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self';frame-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0; equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 0000002D.00000003.2658721103.00002A90003F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: default-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self';script-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://static.whatsapp.net;connect-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self';frame-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0; equals www.youtube.com (Youtube)
                      Source: msedgewebview2.exe, 00000028.00000002.3058855343.000047740061C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: default-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self';script-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://static.whatsapp.net;connect-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self';frame-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;Gtb equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 00000028.00000002.3058855343.000047740061C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: default-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self';script-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://static.whatsapp.net;connect-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self';frame-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;Gtb equals www.youtube.com (Youtube)
                      Source: msedgewebview2.exe, 0000002D.00000002.3033374346.00002A90003D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: et https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 0000002D.00000002.3033374346.00002A90003D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: et https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com[ equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 00000028.00000003.2658145859.000047740024C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self';frame-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0; equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 00000028.00000003.2658145859.000047740024C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self';frame-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0; equals www.youtube.com (Youtube)
                      Source: msedgewebview2.exe, 00000028.00000003.2658145859.000047740024C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self';frame-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:same-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:same-origin-allow-popups;report-to="coop_report"pragma:no-cachecache-control:no-cacheexpires:Sat, 01 Jan 2000 00:00:00 GMTx-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https
                      Source: msedgewebview2.exe, 00000028.00000003.2658145859.000047740024C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self';frame-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:same-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:same-origin-allow-popups;report-to="coop_report"pragma:no-cachecache-control:no-cacheexpires:Sat, 01 Jan 2000 00:00:00 GMTx-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https
                      Source: msedgewebview2.exe, 00000028.00000003.2710559599.0000477401804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711119489.0000477402804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/%s/shop/ equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 00000021.00000002.2558398773.00006CE0004C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058185053.00004774004B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/* equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 00000028.00000003.2660310722.0000477400BB4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660644931.00004774015B4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2508741501.0000477401024000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/browser_reporting/coep/?minimize=0 equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 00000028.00000003.2660310722.0000477400BB4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660644931.00004774015B4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2508741501.0000477401024000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/browser_reporting/coop/?minimize=0 equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 00000028.00000003.2660310722.0000477400BB4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660644931.00004774015B4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2715936945.0000477401024000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/csp/reporting/?minimize=0 equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 00000028.00000002.3063551362.0000477400D6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/csp/reporting/?minimize=0@ equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 00000028.00000003.2710559599.0000477401804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711119489.0000477402804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/policies/other-policies/ais-terms equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 00000028.00000003.2710559599.0000477401804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711119489.0000477402804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/privacy/guide/genai?entry_point=whatsapp_genai equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 00000028.00000003.2710559599.0000477401804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711119489.0000477402804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/privacy/policy equals www.facebook.com (Facebook)
                      Source: BotMaster.exe, 0000001C.00000000.2278490909.0000000000EE2000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: mailto:{0}qhttps://www.youtube.com/channel/UCYVg9u9eLx2gQ80OlwoJKYwAhttps://twitter.com/khaldoun_bazOhttps://www.instagram.com/mediaplus.me/ equals www.twitter.com (Twitter)
                      Source: BotMaster.exe, 0000001C.00000000.2278490909.0000000000EE2000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: mailto:{0}qhttps://www.youtube.com/channel/UCYVg9u9eLx2gQ80OlwoJKYwAhttps://twitter.com/khaldoun_bazOhttps://www.instagram.com/mediaplus.me/ equals www.youtube.com (Youtube)
                      Source: msedgewebview2.exe, 00000028.00000002.3058648815.00004774005A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 00000028.00000002.3058648815.00004774005A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.comGt\* equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 00000028.00000002.3066456013.00004774015A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com equals www.youtube.com (Youtube)
                      Source: msedgewebview2.exe, 00000028.00000002.3066456013.00004774015A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.comGt equals www.youtube.com (Youtube)
                      Source: msedgewebview2.exe, 00000028.00000002.3066316703.000047740157C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://www.youtube.com/embed/ equals www.youtube.com (Youtube)
                      Source: msedgewebview2.exe, 0000002D.00000003.2660852649.00002A9000AD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: om https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 0000002D.00000003.2660852649.00002A9000AD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: om https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.youtube.com (Youtube)
                      Source: msedgewebview2.exe, 0000002D.00000003.2519713911.00002A9000368000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"} equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 0000002D.00000003.2648794746.00002A90003F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"} equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 0000002D.00000003.2657372605.00002A90003F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"} equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 0000002D.00000003.2519713911.00002A9000368000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/" equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 0000002D.00000003.2648794746.00002A90003F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: reporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/" equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 0000002D.00000003.2657372605.00002A90003F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: reporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/" equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 00000028.00000002.3061536913.0000477400A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 00000028.00000002.3061536913.0000477400A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.youtube.com (Youtube)
                      Source: msedgewebview2.exe, 00000028.00000002.3058855343.000047740061C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self';script-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://static.whatsapp.net;connect-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self';frame-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0; equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 00000028.00000002.3058855343.000047740061C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self';script-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://static.whatsapp.net;connect-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self';frame-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0; equals www.youtube.com (Youtube)
                      Source: msedgewebview2.exe, 00000028.00000002.3058855343.000047740061C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self';script-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://static.whatsapp.net;connect-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self';frame-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;Gta equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 00000028.00000002.3058855343.000047740061C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self';script-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://static.whatsapp.net;connect-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self';frame-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;Gta equals www.youtube.com (Youtube)
                      Source: msedgewebview2.exe, 00000028.00000002.3058855343.000047740061C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self';script-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://static.whatsapp.net;connect-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self';frame-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;Gtb"src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self';script-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://static.whatsapp.net;connect-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https:/
                      Source: msedgewebview2.exe, 00000028.00000002.3058855343.000047740061C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self';script-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://static.whatsapp.net;connect-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self';frame-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;Gtb"src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self';script-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://static.whatsapp.net;connect-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https:/
                      Source: msedgewebview2.exe, 00000028.00000002.3058855343.000047740061C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self';script-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://static.whatsapp.net;connect-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self';frame-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;Gtb) equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 00000028.00000002.3058855343.000047740061C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self';script-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://static.whatsapp.net;connect-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self';frame-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval' 'self' https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;Gtb) equals www.youtube.com (Youtube)
                      Source: msedgewebview2.exe, 00000028.00000002.3061536913.0000477400A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: tG,!tGdefault-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 00000028.00000002.3061536913.0000477400A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: tG,!tGdefault-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.youtube.com (Youtube)
                      Source: msedgewebview2.exe, 00000028.00000003.2710559599.0000477401804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711119489.0000477402804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: u4'https://www.facebook.com/privacy/policy equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 00000021.00000002.2558398773.00006CE0004C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660310722.0000477400BB4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660644931.00004774015B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 00000028.00000003.2660310722.0000477400BB4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660644931.00004774015B4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3056693519.0000477400250000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
                      Source: BotMaster.exe, 0000001C.00000000.2278490909.0000000000EE2000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: yyyy.MM.ddIhttps://www.facebook.com/mediaplusmeOhttps://web.whatsapp.com/send?phone={0} equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 00000028.00000002.3061536913.0000477400A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ~src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;Gt equals www.facebook.com (Facebook)
                      Source: msedgewebview2.exe, 00000028.00000002.3061536913.0000477400A0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ~src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;Gt equals www.youtube.com (Youtube)
                      Source: unknownDNS traffic detected: queries for: title-formula.at.ply.gg
                      Source: unknownHTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058648815.00004774005A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://129fy.ie.chalai.net
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://360kjedge.dh.softby.cn
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://360kjedge.xrccp.com
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://430360cs.yc.anhuang.net
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://511sllqdkj.yc.anhuang.net
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://511zdqdkj.yc.anhuang.net
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://608hyestn.yc.ceg29.com
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://625mressw.yc.ceg29.com
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://803hyescs.30bz.com
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://aldkj207.dh.softby.cn
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://aldkj827.xrccp.com
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331071799.000000CC0014C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331110725.000000CC0015C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480867991.000047D000160000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480832183.000047D000150000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/1423136
                      Source: msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/1423136H
                      Source: msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/1423136edS
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2162
                      Source: msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2162M
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2517
                      Source: msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2517or
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331110725.000000CC0015C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480867991.000047D000160000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2970
                      Source: msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2970U
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3078
                      Source: msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3078h
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331110725.000000CC0015C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060901103.00004774008F4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480867991.000047D000160000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3205
                      Source: msedgewebview2.exe, 00000028.00000002.3060901103.00004774008F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3205:
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2394422810.000000CC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3206
                      Source: msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3206E
                      Source: msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3206G
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3452
                      Source: msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3452earch
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331110725.000000CC0015C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480867991.000047D000160000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3498
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3502
                      Source: msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3502h
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3577
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3584
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331110725.000000CC0015C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480867991.000047D000160000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3586
                      Source: msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3586l
                      Source: msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3623
                      Source: msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3624
                      Source: msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3625
                      Source: msedgewebview2.exe, 0000002C.00000002.3045311392.000047D0000A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3625G
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2394422810.000000CC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3832
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2394422810.000000CC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3862
                      Source: msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2394422810.000000CC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3965
                      Source: msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331110725.000000CC0015C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060901103.00004774008F4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480867991.000047D000160000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3970
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331110725.000000CC0015C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480867991.000047D000160000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4324
                      Source: msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331110725.000000CC0015C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480867991.000047D000160000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4384
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2394422810.000000CC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4405
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4428
                      Source: msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4428hop
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2394422810.000000CC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331110725.000000CC0015C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480867991.000047D000160000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4551
                      Source: msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/45518
                      Source: msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4551nces
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4633
                      Source: msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4633e
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331110725.000000CC0015C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480867991.000047D000160000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4722
                      Source: msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2394422810.000000CC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4836
                      Source: msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/48360
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331110725.000000CC0015C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060901103.00004774008F4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480867991.000047D000160000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4901
                      Source: msedgewebview2.exe, 00000028.00000002.3060901103.00004774008F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4901;
                      Source: msedgewebview2.exe, 00000028.00000002.3060901103.00004774008F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4901P
                      Source: msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4937
                      Source: msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4937search
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331071799.000000CC0014C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331110725.000000CC0015C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060901103.00004774008F4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480867991.000047D000160000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480832183.000047D000150000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5007
                      Source: msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5007ancedG
                      Source: msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5007yH
                      Source: msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2394422810.000000CC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5055
                      Source: msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5055andler
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2394422810.000000CC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5061
                      Source: msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5061Host
                      Source: msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5061W
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5281
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2394422810.000000CC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5371
                      Source: msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/53719
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5375
                      Source: msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5375arch
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5421
                      Source: msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5421supportsDepthClipControl
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2394422810.000000CC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5430
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331110725.000000CC0015C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480867991.000047D000160000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5535
                      Source: msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5535E
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331110725.000000CC0015C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480867991.000047D000160000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5658
                      Source: msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5658)
                      Source: msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480867991.000047D000160000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5750
                      Source: msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5750)
                      Source: msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5750ty
                      Source: msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2394422810.000000CC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5881
                      Source: msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5881&
                      Source: msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5881er
                      Source: msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5881ndler
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5901
                      Source: msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906
                      Source: msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906B
                      Source: msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906C
                      Source: msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906F
                      Source: msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906G
                      Source: msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906V
                      Source: msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906agerV
                      Source: msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906erviceO
                      Source: msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906ger
                      Source: msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906useCullModeDynamicState
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331110725.000000CC0015C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060901103.00004774008F4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480867991.000047D000160000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6041
                      Source: msedgewebview2.exe, 00000028.00000002.3060901103.00004774008F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6041R
                      Source: msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2394422810.000000CC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6048
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2394422810.000000CC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6141
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6248
                      Source: msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6248viderR
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2394422810.000000CC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6439
                      Source: msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6439/
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6651
                      Source: msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6651shop
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6692
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331110725.000000CC0015C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480867991.000047D000160000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6860
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876
                      Source: msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876G
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2394422810.000000CC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878
                      Source: msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878J
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6929
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6953
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331071799.000000CC0014C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331110725.000000CC0015C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060901103.00004774008F4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480867991.000047D000160000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480832183.000047D000150000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
                      Source: msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036)
                      Source: msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036ides
                      Source: msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331110725.000000CC0015C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480867991.000047D000160000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
                      Source: msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279)
                      Source: msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279p
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331110725.000000CC0015C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480867991.000047D000160000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
                      Source: msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406d
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2394422810.000000CC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
                      Source: msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488G
                      Source: msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488Y
                      Source: msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488agerW
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2394422810.000000CC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331071799.000000CC0014C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331110725.000000CC0015C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060901103.00004774008F4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480867991.000047D000160000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480832183.000047D000150000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
                      Source: msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724)
                      Source: msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724ancedG
                      Source: msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724r
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331071799.000000CC0014C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331110725.000000CC0015C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480867991.000047D000160000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480832183.000047D000150000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
                      Source: msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760F
                      Source: msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760ancedS
                      Source: msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760off
                      Source: msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
                      Source: msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/77615
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162
                      Source: msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162earch
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215
                      Source: msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215arch
                      Source: msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2394422810.000000CC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229
                      Source: msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229earch
                      Source: msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331110725.000000CC0015C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480867991.000047D000160000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280
                      Source: msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280F
                      Source: msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280G
                      Source: msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280ault
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://bd.gy912.com
                      Source: msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://bit.ly/2kdckMn
                      Source: BotMaster.exe, 0000001C.00000002.3021243007.0000000003421000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://botmaster.mediaplus.me
                      Source: BotMaster.exe, 0000001C.00000000.2278490909.0000000000EE2000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: http://botmaster.mediaplus.me/api/v1/checkKey.ashxAError
                      Source: BotMaster.exe, 0000001C.00000002.3021243007.0000000003421000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://botmaster.mediaplus.me/api/v2/getwapi.ashx?key=Ju9SWyJu9WQwgnmtZo7m2meGaJg8ciMVZGByC
                      Source: BotMaster.exe, 0000001C.00000000.2278490909.0000000000EE2000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: http://botmaster.mediaplus.me/api/v2/getwapi.ashx?key=Ju9SWyJu9WQwgnmtZo7m2meGaJg8ciMVZGByC3https://
                      Source: BotMaster.exe, 0000001C.00000000.2278490909.0000000000EE2000.00000002.00000001.01000000.0000000D.sdmp, BotMaster.exe, 0000001C.00000002.3021243007.0000000003421000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://businesswhatsappsender.mediaplus.me/api/v1/GetExKey.ashx
                      Source: Botmaster 5.8 direct.exe, 00000008.00000003.2214996468.00000000039D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                      Source: Botmaster 5.8 direct.exe, 00000008.00000003.2214996468.00000000039D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
                      Source: msedgewebview2.exe, 00000028.00000003.2660310722.0000477400BB4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660644931.00004774015B4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3065090254.0000477400FDD000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660512967.00004774015C0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3059588713.000047740070C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658145859.000047740024C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658182221.0000477401078000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2521825103.000047740024C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2657854327.0000477400FCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658334771.0000477400FA8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658296511.0000477401580000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660572668.00004774015AC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658397859.0000477401484000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2657820979.000047740088C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658250927.00004774015BC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3055756180.0000477400184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658456533.00004774015D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3065354888.0000477401019000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2526983668.00002A90003EC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2658486819.00002A9000B28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt0
                      Source: Botmaster 5.8 direct.exe, 00000008.00000003.2214996468.00000000039D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cdmg.yuchiweb.icu
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://click.dotmap.co.kr/?pf_code=
                      Source: svchost.exe, 0000001D.00000002.3028038031.00000228FD200000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
                      Source: Botmaster 5.8 direct.exe, 00000008.00000003.2214996468.00000000039D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
                      Source: Botmaster 5.8 direct.exe, 00000008.00000003.2214996468.00000000039D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
                      Source: Botmaster 5.8 direct.exe, 00000008.00000003.2214996468.00000000039D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
                      Source: Botmaster 5.8 direct.exe, 00000008.00000003.2214996468.00000000039D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
                      Source: msedgewebview2.exe, 00000028.00000003.2660310722.0000477400BB4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660644931.00004774015B4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3065090254.0000477400FDD000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660512967.00004774015C0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3059588713.000047740070C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658145859.000047740024C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658182221.0000477401078000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2521825103.000047740024C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2657854327.0000477400FCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658334771.0000477400FA8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658296511.0000477401580000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660572668.00004774015AC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658397859.0000477401484000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2657820979.000047740088C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658250927.00004774015BC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3055756180.0000477400184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658456533.00004774015D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3065354888.0000477401019000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2526983668.00002A90003EC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2658486819.00002A9000B28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-ha-server-g6.crl04
                      Source: Botmaster 5.8 direct.exe, 00000008.00000003.2214996468.00000000039D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                      Source: msedgewebview2.exe, 00000028.00000003.2660310722.0000477400BB4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660644931.00004774015B4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3065090254.0000477400FDD000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660512967.00004774015C0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3059588713.000047740070C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658145859.000047740024C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658182221.0000477401078000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2521825103.000047740024C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2657854327.0000477400FCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658334771.0000477400FA8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658296511.0000477401580000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660572668.00004774015AC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658397859.0000477401484000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2657820979.000047740088C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3061536913.0000477400A0C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658250927.00004774015BC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658456533.00004774015D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3065354888.0000477401019000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2526983668.00002A90003EC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2658486819.00002A9000B28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
                      Source: Botmaster 5.8 direct.exe, 00000008.00000003.2214996468.00000000039D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
                      Source: Botmaster 5.8 direct.exe, 00000008.00000003.2214996468.00000000039D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
                      Source: msedgewebview2.exe, 00000028.00000003.2660310722.0000477400BB4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660644931.00004774015B4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3065090254.0000477400FDD000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660512967.00004774015C0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3059588713.000047740070C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658145859.000047740024C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658182221.0000477401078000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2521825103.000047740024C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2657854327.0000477400FCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658334771.0000477400FA8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658296511.0000477401580000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660572668.00004774015AC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658397859.0000477401484000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2657820979.000047740088C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658250927.00004774015BC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3055756180.0000477400184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658456533.00004774015D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3065354888.0000477401019000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2526983668.00002A90003EC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2658486819.00002A9000B28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-ha-server-g6.crl0
                      Source: msedgewebview2.exe, 00000026.00000002.2394187252.000032740027C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2356801956.00003274006AC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2356688624.0000327400694000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2357136221.00003274006AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crrev.com/c/2555698.
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://df.edge.bdkj.bailiana.com
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://df.edge.qhkj.baicana.com
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://df.edge.zdkj.ker58.com
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://df.zm.zdkj.ker58.com
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://dongtaiwang.com/loc/phome.php?v=
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://dongtaiwang.com/loc/phome.php?v=odo
                      Source: svchost.exe, 0000001D.00000003.2299678126.00000228FD418000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
                      Source: svchost.exe, 0000001D.00000003.2299678126.00000228FD418000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5
                      Source: svchost.exe, 0000001D.00000003.2299678126.00000228FD418000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
                      Source: svchost.exe, 0000001D.00000003.2299678126.00000228FD418000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
                      Source: svchost.exe, 0000001D.00000003.2299678126.00000228FD418000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
                      Source: svchost.exe, 0000001D.00000003.2299678126.00000228FD418000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
                      Source: svchost.exe, 0000001D.00000003.2299678126.00000228FD44D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
                      Source: svchost.exe, 0000001D.00000003.2299678126.00000228FD491000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
                      Source: msedgewebview2.exe, 0000002D.00000003.2715597498.00002A9000804000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fburl.com/js-libs-www
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://game.whwuyan.cn
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://hao123.di178.com/?
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://hao123.di178.com/?r916
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://hao123kjedge.dh.softby.cn
                      Source: msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3047883867.000047D000146000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929
                      Source: msedgewebview2.exe, 00000028.00000002.3062005042.0000477400ADC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929n
                      Source: msedgewebview2.exe, 00000023.00000002.2392598011.000000CC00104000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929permanentlySwitchToFramebufferFetchMode
                      Source: BotMaster.exe, 0000001C.00000002.3149221153.000000000D242000.00000002.00000001.01000000.0000001D.sdmpString found in binary or memory: http://james.newtonking.com/projects/json
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://jg.wangamela.com/tg
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mini.yyrtv.com/?from=
                      Source: msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://momentjs.com/guides/#/warnings/add-inverted-param/
                      Source: msedgewebview2.exe, 00000028.00000003.2710559599.0000477401804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711119489.0000477402804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://momentjs.com/guides/#/warnings/define-locale/
                      Source: msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://momentjs.com/guides/#/warnings/dst-shifted/
                      Source: msedgewebview2.exe, 00000028.00000003.2710559599.0000477401804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711119489.0000477402804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://momentjs.com/guides/#/warnings/js-date/
                      Source: msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://momentjs.com/guides/#/warnings/min-max/
                      Source: msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://momentjs.com/guides/#/warnings/zone/
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://navi.anhuiyunci.com
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://navi.programmea.com
                      Source: Botmaster 5.8 direct.exe, 00000008.00000003.2214996468.00000000039D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
                      Source: Botmaster 5.8 direct.exe, 00000008.00000003.2214996468.00000000039D1000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660310722.0000477400BB4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660644931.00004774015B4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3065090254.0000477400FDD000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660512967.00004774015C0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3059588713.000047740070C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658145859.000047740024C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658182221.0000477401078000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2521825103.000047740024C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2657854327.0000477400FCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658334771.0000477400FA8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658296511.0000477401580000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660572668.00004774015AC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658397859.0000477401484000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2657820979.000047740088C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3061536913.0000477400A0C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658250927.00004774015BC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658456533.00004774015D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3065354888.0000477401019000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2526983668.00002A90003EC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2658486819.00002A9000B28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0K
                      Source: msedgewebview2.exe, 00000028.00000003.2660310722.0000477400BB4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660644931.00004774015B4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3065090254.0000477400FDD000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660512967.00004774015C0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3059588713.000047740070C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658145859.000047740024C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658182221.0000477401078000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2521825103.000047740024C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2657854327.0000477400FCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658334771.0000477400FA8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058855343.000047740061C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658296511.0000477401580000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660572668.00004774015AC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658397859.0000477401484000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2657820979.000047740088C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658250927.00004774015BC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3055756180.0000477400184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658456533.00004774015D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3065354888.0000477401019000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2526983668.00002A90003EC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2658486819.00002A9000B28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0M
                      Source: Botmaster 5.8 direct.exe, 00000008.00000003.2214996468.00000000039D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0N
                      Source: Botmaster 5.8 direct.exe, 00000008.00000003.2214996468.00000000039D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
                      Source: msedgewebview2.exe, 00000028.00000002.3056280746.00004774001F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://permanently-removed.invalid/
                      Source: msedgewebview2.exe, 00000028.00000002.3064687880.0000477400F5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://permanently-removed.invalid/safebrowsing/clientreport/chrome-certs
                      Source: msedgewebview2.exe, 00000028.00000002.3054750978.0000477400090000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://permanently-removed.invalid/v1/accountcapabilities:batchGet
                      Source: msedgewebview2.exe, 00000021.00000002.2558582842.00006CE000558000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058458099.0000477400550000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://playinfo.gomlab.com/ending_browser.gom?product=GOMPLAYER
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r.emsoso.cn
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r.jgxqebp.cn
                      Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, 00000000.00000002.2075054867.0000000002CBB000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 0000000B.00000002.3028502871.0000000002851000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000010.00000002.2198821760.00000000032EA000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000015.00000002.2561460834.0000000002E27000.00000004.00000800.00020000.00000000.sdmp, BotMaster.exe, 0000001C.00000002.3021243007.0000000003421000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://service.whchenxiang.com
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sgcs.edge.ker58.com
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sgkjedge.47gs.com
                      Source: msedgewebview2.exe, 00000028.00000003.2710559599.0000477401804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711119489.0000477402804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tiny.jio.com/.
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tx.edge.ker58.com
                      Source: msedgewebview2.exe, 00000021.00000002.2558398773.00006CE0004C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3061956738.0000477400AC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://unisolated.invalid/
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://vi.liveen.vn/p/home.html
                      Source: BotMaster.exe, 0000001C.00000000.2278490909.0000000000EE2000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: http://wa.me/
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://web.113989.com/?
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://web.503188.com/?
                      Source: msedgewebview2.exe, 00000028.00000003.2521223401.00004774010C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://web.whatsapp.com/
                      Source: msedgewebview2.exe, 00000028.00000003.2521223401.00004774010C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://web.whatsapp.com/R
                      Source: msedgewebview2.exe, 00000028.00000003.2521223401.00004774010C5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://web.whatsapp.com/v
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.4399.com/flash/32979.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.4399.com/flash/48399.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.4399.com/flash/seer.htm
                      Source: msedgewebview2.exe, 0000002D.00000003.2715597498.00002A9000804000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/
                      Source: BotMaster.exe, 0000001C.00000002.3112732985.0000000007B02000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2715597498.00002A9000804000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                      Source: BotMaster.exe, 0000001C.00000002.3112732985.0000000007B02000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                      Source: msedgewebview2.exe, 00000028.00000002.3059193210.0000477400690000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.chambersign.org1
                      Source: msedgewebview2.exe, 00000028.00000003.2660310722.0000477400BB4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660644931.00004774015B4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3065090254.0000477400FDD000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660512967.00004774015C0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3059588713.000047740070C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658145859.000047740024C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658182221.0000477401078000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2521825103.000047740024C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2657854327.0000477400FCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658334771.0000477400FA8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058855343.000047740061C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658296511.0000477401580000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660572668.00004774015AC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658397859.0000477401484000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2657820979.000047740088C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658250927.00004774015BC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3055756180.0000477400184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658456533.00004774015D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3065354888.0000477401019000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2526983668.00002A90003EC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2658486819.00002A9000B28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.dinoklafbzor.org
                      Source: BotMaster.exe, 0000001C.00000002.3112732985.0000000007B02000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                      Source: BotMaster.exe, 0000001C.00000002.3112732985.0000000007B02000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                      Source: BotMaster.exe, 0000001C.00000002.3112732985.0000000007B02000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                      Source: BotMaster.exe, 0000001C.00000002.3112732985.0000000007B02000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                      Source: BotMaster.exe, 0000001C.00000002.3112732985.0000000007B02000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                      Source: BotMaster.exe, 0000001C.00000002.3112732985.0000000007B02000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                      Source: BotMaster.exe, 0000001C.00000002.3112732985.0000000007B02000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                      Source: BotMaster.exe, 0000001C.00000002.3112732985.0000000007B02000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                      Source: BotMaster.exe, 0000001C.00000002.3112732985.0000000007B02000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                      Source: BotMaster.exe, 0000001C.00000002.3112732985.0000000007B02000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                      Source: BotMaster.exe, 0000001C.00000002.3112732985.0000000007B02000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                      Source: BotMaster.exe, 0000001C.00000002.3112732985.0000000007B02000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                      Source: BotMaster.exe, 0000001C.00000002.3112732985.0000000007B02000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                      Source: BotMaster.exe, 0000001C.00000002.3112732985.0000000007B02000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                      Source: BotMaster.exe, 0000001C.00000002.3112732985.0000000007B02000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.hao123.com.11818wz.com/?e
                      Source: BotMaster.exe, 0000001C.00000002.3112732985.0000000007B02000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                      Source: BotMaster.exe, 0000001C.00000002.3112732985.0000000007B02000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                      Source: BotMaster.exe, 0000001C.00000002.3112732985.0000000007B02000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                      Source: BotMaster.exe, 0000001C.00000002.3112732985.0000000007B02000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                      Source: BotMaster.exe, 0000001C.00000002.3112732985.0000000007B02000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                      Source: BotMaster.exe, 0000001C.00000002.3112732985.0000000007B02000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                      Source: BotMaster.exe, 0000001C.00000002.3112732985.0000000007B02000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                      Source: BotMaster.exe, 0000001C.00000002.3112732985.0000000007B02000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xt.tiantianbannixue.com
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2548129961.00006CE0001B4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3055961340.00004774001B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://zn728.tdg68.com
                      Source: msedgewebview2.exe, 00000028.00000002.3058648815.00004774005A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://.giphy.
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://123.sogou.com/?
                      Source: msedgewebview2.exe, 00000021.00000002.2558398773.00006CE0004C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058648815.00004774005A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://17roco.qq.com
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://360.qrfq25sg.xyz
                      Source: msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3055961340.00004774001B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://656a.com
                      Source: msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://_user_prefs_key_store_.whatsapp.com/
                      Source: msedgewebview2.exe, 00000024.00000002.2372353899.000004BC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://alekberg.net/privacy
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4830
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4966
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2394422810.000000CC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/5845
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/6574
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7161
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2394422810.000000CC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7162
                      Source: msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7162K
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331110725.000000CC0015C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480867991.000047D000160000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7246
                      Source: msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7246I
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7308
                      Source: msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7308hopGGG
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331110725.000000CC0015C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480867991.000047D000160000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7319
                      Source: msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7319%tGm
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2394422810.000000CC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7320
                      Source: msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/73207
                      Source: msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7320ler=
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2394422810.000000CC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7369
                      Source: msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7369G
                      Source: msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7369ost0
                      Source: msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7369rch
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7382
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2394422810.000000CC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7489
                      Source: msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7489S
                      Source: msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7489ler
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2394422810.000000CC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7604
                      Source: msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/76045
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2394422810.000000CC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7714
                      Source: msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7714$
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2394422810.000000CC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7847
                      Source: msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/78474
                      Source: msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7847er
                      Source: msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2394422810.000000CC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7899
                      Source: msedgewebview2.exe, 00000028.00000002.3055560195.0000477400158000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://atsapp.net/w
                      Source: msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ausu.lol
                      Source: msedgewebview2.exe, 00000028.00000002.3056215540.00004774001E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://azureedge.net/
                      Source: msedgewebview2.exe, 00000021.00000002.2554442734.00006CE00040C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3057766231.000047740040C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://baduk.hangame.com/?utm_source=baduk&utm_medium=icon&utm_campaign=shortcut
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://browser.360.cn/saas/index.html
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://browser.cloud.huawei.com.cn/pc
                      Source: BotMaster.exe, 0000001C.00000000.2278490909.0000000000EE2000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: https://businesswhatsappsender.com/
                      Source: msedgewebview2.exe, 00000028.00000002.3056280746.00004774001F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.designerapp.osi.office.net/
                      Source: msedgewebview2.exe, 00000028.00000002.3056280746.00004774001F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.edog.designerapp.osi.office.net/
                      Source: msedgewebview2.exe, 00000028.00000002.3056280746.00004774001F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.int.designerapp.osi.office.net/
                      Source: msedgewebview2.exe, 00000024.00000002.2373526575.000004BC00100000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2331956396.000004BC00100000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2552468165.00002A9000118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2582364597.00002A900011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2479902119.00002A900011C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.cloudflare-dns.com/dns-query
                      Source: msedgewebview2.exe, 00000024.00000003.2331956396.000004BC00100000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2552468165.00002A9000118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2582364597.00002A900011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2479902119.00002A900011C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.cloudflare-dns.com/dns-queryed
                      Source: msedgewebview2.exe, 00000026.00000002.2393984805.0000327400254000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore
                      Source: msedgewebview2.exe, 00000028.00000002.3056757721.000047740025C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
                      Source: msedgewebview2.exe, 00000026.00000002.2393984805.0000327400254000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/
                      Source: msedgewebview2.exe, 00000026.00000002.2393984805.0000327400254000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/6EAED1924DB611B6EEF2A664BD077BE7EAD33B8F4EB74897CB187C7633357C2FE8
                      Source: msedgewebview2.exe, 00000028.00000002.3063551362.0000477400D6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/
                      Source: msedgewebview2.exe, 00000024.00000002.2372353899.000004BC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromium.dns.nextdns.io
                      Source: msedgewebview2.exe, 00000024.00000002.2373526575.000004BC00100000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2331956396.000004BC00100000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2552468165.00002A9000118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2582364597.00002A900011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2479902119.00002A900011C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cleanbrowsing.org/privacy
                      Source: msedgewebview2.exe, 00000026.00000002.2394477509.00003274002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://code.51.com
                      Source: msedgewebview2.exe, 00000028.00000002.3055142155.00004774000E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config.edge.skype.com/config/v1/Edge/117.0.2045.47?clientId=-5575592107330419800&agents=Edge
                      Source: msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crashlogs.whatsapp.net/wa_clb_data
                      Source: msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crashlogs.whatsapp.net/wa_fls_upload_check
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://daohang.96zxue.com
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://de.withtls.net
                      Source: msedgewebview2.exe, 00000028.00000002.3056280746.00004774001F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://designerapp-dogfood.azurewebsites.net/
                      Source: msedgewebview2.exe, 00000028.00000002.3056280746.00004774001F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://designerapp-int.azurewebsites.net/
                      Source: msedgewebview2.exe, 00000028.00000002.3056280746.00004774001F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://designerapp.azurewebsites.net/
                      Source: msedgewebview2.exe, 00000028.00000002.3056280746.00004774001F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://designerapp.azurewebsites.net/net//
                      Source: msedgewebview2.exe, 00000028.00000002.3057973015.000047740044C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://designerapp.officeapps.live.com/designerapp/TraceRequest.ashx
                      Source: msedgewebview2.exe, 00000028.00000002.3057973015.000047740044C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://designerapp.officeapps.live.com/designerapp/TraceRequest.ashxn_value
                      Source: msedgewebview2.exe, 00000028.00000002.3057973015.000047740044C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://designerapp.officeapps.live.com/designerapp/suggestions.ashx
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dev.tg.wan.360.cn/?
                      Source: Botmaster 5.8 direct.exe, 00000008.00000003.2213905614.00000000039D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors).
                      Source: Botmaster 5.8 direct.exe, 00000008.00000003.2213905614.00000000039D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/HTTP/Headers/X-Frame-Options)
                      Source: msedgewebview2.exe, 00000024.00000002.2372874151.000004BC00088000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/
                      Source: msedgewebview2.exe, 00000024.00000002.2372479627.000004BC00024000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developers.google.com/speed/public-dns/privacy
                      Source: msedgewebview2.exe, 00000024.00000002.2372479627.000004BC00024000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developers.google.com/speed/public-dns/privacyquery
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://discovery.lenovo.com.cn/home
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://discovery.lenovo.com.cn/home062291
                      Source: msedgewebview2.exe, 00000024.00000002.2373526575.000004BC00100000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2331956396.000004BC00100000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2552468165.00002A9000118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2582364597.00002A900011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2479902119.00002A900011C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dns.google/dns-query
                      Source: msedgewebview2.exe, 00000024.00000002.2373526575.000004BC00100000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2331956396.000004BC00100000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2552468165.00002A9000118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2582364597.00002A900011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2479902119.00002A900011C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dns.levonet.sk/dns-query
                      Source: msedgewebview2.exe, 00000024.00000002.2372353899.000004BC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dns.quad9.net/dns-query
                      Source: msedgewebview2.exe, 00000024.00000002.2372353899.000004BC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dns.sb/privacy/
                      Source: msedgewebview2.exe, 00000024.00000002.2372353899.000004BC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dns.sb/privacy/Char
                      Source: msedgewebview2.exe, 00000024.00000002.2373526575.000004BC00100000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2331956396.000004BC00100000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2552468165.00002A9000118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2582364597.00002A900011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2479902119.00002A900011C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dns10.quad9.net/dns-query
                      Source: msedgewebview2.exe, 00000024.00000002.2373526575.000004BC00100000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2331956396.000004BC00100000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2552468165.00002A9000118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2582364597.00002A900011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2479902119.00002A900011C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dns11.quad9.net/dns-query
                      Source: msedgewebview2.exe, 00000024.00000002.2373526575.000004BC00100000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2331956396.000004BC00100000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2552468165.00002A9000118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2582364597.00002A900011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2479902119.00002A900011C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dns64.dns.google/dns-query
                      Source: msedgewebview2.exe, 00000024.00000002.2373526575.000004BC00100000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2331956396.000004BC00100000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2552468165.00002A9000118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2582364597.00002A900011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2479902119.00002A900011C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dnsnl.alekberg.net/dns-query
                      Source: BotMaster.exeString found in binary or memory: https://docs.mi
                      Source: BotMaster.exeString found in binary or memory: https://docs.mic
                      Source: BotMaster.exeString found in binary or memory: https://docs.micr
                      Source: BotMaster.exeString found in binary or memory: https://docs.micros
                      Source: BotMaster.exeString found in binary or memory: https://docs.microso
                      Source: BotMaster.exeString found in binary or memory: https://docs.microsof
                      Source: BotMaster.exeString found in binary or memory: https://docs.microsoft
                      Source: BotMaster.exeString found in binary or memory: https://docs.microsoft.c
                      Source: BotMaster.exeString found in binary or memory: https://docs.microsoft.co
                      Source: msedgewebview2.exe, 00000024.00000002.2373526575.000004BC00100000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2331956396.000004BC00100000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2552468165.00002A9000118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2582364597.00002A900011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2479902119.00002A900011C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh-01.spectrum.com/dns-query
                      Source: msedgewebview2.exe, 00000024.00000002.2373526575.000004BC00100000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2331956396.000004BC00100000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2552468165.00002A9000118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2582364597.00002A900011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2479902119.00002A900011C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh-02.spectrum.com/dns-query
                      Source: msedgewebview2.exe, 00000024.00000002.2372479627.000004BC00024000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh.cleanbrowsing.org/doh/adult-filter
                      Source: msedgewebview2.exe, 00000024.00000002.2372479627.000004BC00024000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh.cleanbrowsing.org/doh/family-filter
                      Source: msedgewebview2.exe, 00000024.00000002.2372479627.000004BC00024000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh.cleanbrowsing.org/doh/security-filter
                      Source: msedgewebview2.exe, 00000024.00000002.2372353899.000004BC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh.cox.net/dns-query
                      Source: msedgewebview2.exe, 00000024.00000002.2373526575.000004BC00100000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2331956396.000004BC00100000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2552468165.00002A9000118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2582364597.00002A900011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2479902119.00002A900011C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh.dns.sb/dns-query
                      Source: msedgewebview2.exe, 00000024.00000002.2372479627.000004BC00024000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh.familyshield.opendns.com/dns-query
                      Source: msedgewebview2.exe, 00000024.00000002.2373526575.000004BC00100000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2331956396.000004BC00100000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2552468165.00002A9000118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2582364597.00002A900011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2479902119.00002A900011C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh.opendns.com/dns-query
                      Source: msedgewebview2.exe, 00000024.00000002.2373526575.000004BC00100000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2331956396.000004BC00100000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2552468165.00002A9000118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2582364597.00002A900011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2479902119.00002A900011C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh.quickline.ch/dns-query
                      Source: msedgewebview2.exe, 00000024.00000002.2373526575.000004BC00100000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2331956396.000004BC00100000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2552468165.00002A9000118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2582364597.00002A900011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2479902119.00002A900011C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh.xfinity.com/dns-query
                      Source: msedgewebview2.exe, 00000028.00000003.2658145859.000047740024C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dyn.web.whatsapp.com
                      Source: msedgewebview2.exe, 00000028.00000003.2710559599.0000477401804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711119489.0000477402804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dyn.web.whatsapp.com/
                      Source: msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dyn.web.whatsapp.com/)(
                      Source: msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dyn.web.whatsapp.com/pp?t=l&u=
                      Source: msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dyn.web.whatsapp.com/pp?t=s&u=
                      Source: msedgewebview2.exe, 0000002D.00000002.3033374346.00002A90003D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dyn.web6
                      Source: msedgewebview2.exe, 0000002D.00000002.3033374346.00002A90003D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dyn.webu
                      Source: msedgewebview2.exe, 00000021.00000002.2558582842.00006CE000558000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3057973015.000047740044C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://easyauth.edgebrowser.microsoft-falcon.io/
                      Source: msedgewebview2.exe, 00000021.00000002.2558582842.00006CE000558000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3057973015.000047740044C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://easyauth.edgebrowser.microsoft-staging-falcon.io/
                      Source: msedgewebview2.exe, 00000021.00000002.2558582842.00006CE000558000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3057973015.000047740044C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://easyauth.edgebrowser.microsoft-testing-falcon.io/
                      Source: msedgewebview2.exe, 0000002D.00000002.3025517760.00002A9000101000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ecs.nel.measure.office.net/?TenantId=Edge&DestinationEndpoint=Edge-Prod-LAX31r5a&FrontEnd=AF
                      Source: msedgewebview2.exe, 00000024.00000002.2373113495.000004BC000C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ecs.nel.measure.office.net?TenantId=Edge&DestinationEndpoint=Edge-Prod-LAX31r5a&FrontEnd=AFD
                      Source: msedgewebview2.exe, 00000028.00000002.3060513653.0000477400834000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2485564669.00004774002F4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3057093904.00004774002F4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484442202.00004774002F4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2480287889.00004774002F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://edge-conumer-static.azureedge.net/static/edropstatic/2023/09/13/2/static/css/main.ae43b158.c
                      Source: msedgewebview2.exe, 00000028.00000003.2480287889.00004774002F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://edge-conumer-static.azureedge.net/static/edropstatic/2023/09/13/2/static/js/main.2c5481de.js
                      Source: msedgewebview2.exe, 00000021.00000002.2548129961.00006CE0001B4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3055961340.00004774001B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://edge.ilive.cn
                      Source: msedgewebview2.exe, 00000028.00000003.2529911463.0000012EB8369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://eu-9.smartscreen
                      Source: msedgewebview2.exe, 00000028.00000003.2710559599.0000477401804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711119489.0000477402804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://faq.whatsapp.com
                      Source: msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://faq.whatsapp.com/1134168457974360
                      Source: msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://faq.whatsapp.com/253337763937767
                      Source: msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://faq.whatsapp.com/659113242716268
                      Source: msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://faq.whatsapp.com/725152392426717
                      Source: msedgewebview2.exe, 00000028.00000003.2610682017.0000012EB8369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://feedback.smartsc10.0.19045.2006.vb_release
                      Source: msedgewebview2.exe, 00000028.00000003.2610682017.0000012EB8369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://feedback.smartsc10.0.19045.2006.vb_release.aspx
                      Source: msedgewebview2.exe, 0000002D.00000003.2657372605.00002A90003F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com
                      Source: msedgewebview2.exe, 0000002D.00000003.2657372605.00002A90003F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com
                      Source: svchost.exe, 0000001D.00000003.2299678126.00000228FD4C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
                      Source: svchost.exe, 0000001D.00000003.2299678126.00000228FD472000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
                      Source: svchost.exe, 0000001D.00000003.2299678126.00000228FD4C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2
                      Source: svchost.exe, 0000001D.00000003.2299678126.00000228FD4A3000.00000004.00000800.00020000.00000000.sdmp, svchost.exe, 0000001D.00000003.2299678126.00000228FD4E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
                      Source: svchost.exe, 0000001D.00000003.2299678126.00000228FD4C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gamebox.160.com/static
                      Source: Botmaster 5.8 direct.exe, 00000008.00000003.2215373219.00000000039D6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/JamesNK/Newtonsoft.Json/issues/652
                      Source: msedgewebview2.exe, 0000002D.00000003.2715597498.00002A9000804000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/dcodeIO/ByteBuffer.js
                      Source: msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/dcodeIO/ProtoBuf.js/wiki/Services
                      Source: msedgewebview2.exe, 0000002D.00000003.2715597498.00002A9000804000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/dcodeIO/long.js
                      Source: msedgewebview2.exe, 0000002D.00000003.2715597498.00002A9000804000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/dcodeIO/protobuf.js
                      Source: msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/dfahlander/Dexie.js/wiki/Deprecations.
                      Source: Botmaster 5.8 direct.exe, 00000008.00000003.2217426386.00000000039D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf
                      Source: Botmaster 5.8 direct.exe, 00000008.00000003.2217426386.00000000039D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf8
                      Source: Botmaster 5.8 direct.exe, 00000008.00000003.2217080965.00000000039D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f
                      Source: Botmaster 5.8 direct.exe, 00000008.00000003.2217080965.00000000039D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f8
                      Source: Botmaster 5.8 direct.exe, 00000008.00000003.2218075402.00000000039D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/dotnet/runtime
                      Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, 00000000.00000002.2083222845.00000000048C0000.00000004.08000000.00040000.00000000.sdmp, WinUpdate.exe, 00000010.00000002.2198821760.00000000032EA000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000010.00000002.2203478621.000000000468C000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000027.00000002.2375843757.0000000003B2E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                      Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, 00000000.00000002.2083222845.00000000048C0000.00000004.08000000.00040000.00000000.sdmp, WinUpdate.exe, 00000010.00000002.2198821760.00000000032EA000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000010.00000002.2203478621.000000000468C000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000027.00000002.2375843757.0000000003B2E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                      Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, 00000000.00000002.2083222845.00000000048C0000.00000004.08000000.00040000.00000000.sdmp, WinUpdate.exe, 00000010.00000002.2198821760.00000000032EA000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000010.00000002.2203478621.000000000468C000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000027.00000002.2375843757.0000000003B2E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                      Source: msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/signalapp/libsignal-protocol-java/blob/master/protobuf/WhisperTextProtocol.proto#
                      Source: msedgewebview2.exe, 00000026.00000003.2356801956.00003274006AC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2356519461.0000327400838000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2356688624.0000327400694000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2356801956.00003274006A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2357136221.00003274006AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/csswg-drafts/issues/6939#issuecomment-1016679588
                      Source: msedgewebview2.exe, 00000021.00000002.2549219559.00006CE00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3056215540.00004774001E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/
                      Source: msedgewebview2.exe, 00000021.00000002.2549219559.00006CE00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3056215540.00004774001E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/on
                      Source: msedgewebview2.exe, 00000021.00000002.2558510793.00006CE000534000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058694445.00004774005C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gostop.hangame.com/index.nhn?gameId=msduelgo&utm_source=msduelgo&utm_medium=icon&utm_campaig
                      Source: msedgewebview2.exe, 00000028.00000003.2658145859.000047740024C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://graph.whatsapp.com/graphql/
                      Source: msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://graph.whatsapp.com/graphql/catalog
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://h5.mcetab.com
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.360.cn/?a1004
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.360.com/?360safe
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.360.com/?a1004
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.360.com/?a1111
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.360.com/?h_lnk
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.360.com/?installer
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.360.com/?src=jsqth
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.360.com/?src=lm&ls=
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.360.com/?wd_xp1
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.360.com/?y1001
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.360.com/?y1002
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.360.com/?y1013
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.lenovo.ilive.cn
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.qq.com/?unc=
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.qq.com/?unc=Af31026&s=o400493_1
                      Source: msedgewebview2.exe, 00000021.00000002.2558582842.00006CE000558000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058458099.0000477400550000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao123-static.cdn.bcebos.com/manual-res/jump_index.html
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hk.eynbm.com
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hlj04.com
                      Source: msedgewebview2.exe, 00000026.00000003.2356801956.00003274006AC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2356519461.0000327400838000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2356688624.0000327400694000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2356801956.00003274006A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2357136221.00003274006AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/C/#the-details-and-summary-elements
                      Source: msedgewebview2.exe, 00000026.00000003.2356801956.00003274006AC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2356519461.0000327400838000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2356688624.0000327400694000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2356801956.00003274006A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2357136221.00003274006AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/rendering.html#flow-content-3
                      Source: msedgewebview2.exe, 00000026.00000003.2356801956.00003274006AC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2356519461.0000327400838000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2356688624.0000327400694000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2356801956.00003274006A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2357136221.00003274006AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/rendering.html#hidden-elements
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058648815.00004774005A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ilive.lenovo.com.cn/?f=
                      Source: msedgewebview2.exe, 00000021.00000002.2558398773.00006CE0004C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058323423.00004774004E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://int.msn.cn/
                      Source: msedgewebview2.exe, 00000021.00000002.2558398773.00006CE0004C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058323423.00004774004E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://int.msn.com/
                      Source: msedgewebview2.exe, 00000021.00000002.2558398773.00006CE0004C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058323423.00004774004E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://int1.msn.cn/
                      Source: msedgewebview2.exe, 00000021.00000002.2558398773.00006CE0004C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058323423.00004774004E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://int1.msn.com/
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058648815.00004774005A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://internet-start.net/?
                      Source: msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3047883867.000047D000146000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/161903006
                      Source: msedgewebview2.exe, 00000028.00000002.3062005042.0000477400ADC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/161903006ry
                      Source: msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3047883867.000047D000146000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/166809097
                      Source: msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/166809097ure
                      Source: msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3047883867.000047D000146000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/184850002
                      Source: msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3047883867.000047D000146000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/187425444
                      Source: msedgewebview2.exe, 00000028.00000002.3062005042.0000477400ADC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/187425444dler
                      Source: msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/187425444ys
                      Source: msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3047883867.000047D000146000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/220069903
                      Source: msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/2200699030
                      Source: msedgewebview2.exe, 00000023.00000002.2392598011.000000CC00104000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/220069903moryGT4LE8GB
                      Source: msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3047883867.000047D000146000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/229267970
                      Source: msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3047883867.000047D000146000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/250706693
                      Source: msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3047883867.000047D000146000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/253522366
                      Source: msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3047883867.000047D000146000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/255411748
                      Source: msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/255411748abDropdown
                      Source: msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3047883867.000047D000146000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/258207403
                      Source: msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/2582074030
                      Source: msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/274859104
                      Source: msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/284462263
                      Source: msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/issues/166475273
                      Source: msedgewebview2.exe, 00000023.00000002.2386603556.000000CC00028000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043718745.000047D000028000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/issues/166475273J
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://jg.awaliwa.com
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://jianjie.2345.com
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://kf.07073.com
                      Source: msedgewebview2.exe, 00000028.00000003.2710559599.0000477401804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711119489.0000477402804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://l.wl.co/l
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lenovo.ilive.cn
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lenovo.ilive.cn/?f=
                      Source: msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lenovo.ilive.cnhttps://hao.lenovo.ilive.cn
                      Source: msedgewebview2.exe, 00000021.00000002.2558398773.00006CE0004C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058185053.00004774004B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://localhost.msn.com/
                      Source: msedgewebview2.exe, 00000028.00000002.3056757721.000047740025C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login-us.microsoftonline.com/
                      Source: msedgewebview2.exe, 00000028.00000002.3056757721.000047740025C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.chinacloudapi.cn/
                      Source: msedgewebview2.exe, 00000028.00000002.3056757721.000047740025C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.cloudgovapi.us/
                      Source: msedgewebview2.exe, 00000021.00000002.2521180773.0000029E1A500000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2461631474.0000029E186C9000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2521180773.0000029E1A511000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2518174737.0000029E186CB000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2485564669.00004774002F4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3057093904.00004774002F4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3039355581.0000012EB64C2000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484442202.00004774002F4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2503266048.0000012EB64C2000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2480287889.00004774002F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
                      Source: msedgewebview2.exe, 00000028.00000002.3039355581.0000012EB64C2000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2503266048.0000012EB64C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/
                      Source: msedgewebview2.exe, 00000021.00000003.2461631474.0000029E186C9000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2518174737.0000029E186CB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/P
                      Source: msedgewebview2.exe, 00000028.00000002.3042053616.0000012EB8313000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com2
                      Source: msedgewebview2.exe, 00000028.00000002.3056757721.000047740025C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoft-ppe.com/
                      Source: msedgewebview2.exe, 00000028.00000002.3056757721.000047740025C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3063142253.0000477400C7C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/
                      Source: msedgewebview2.exe, 00000028.00000002.3056757721.000047740025C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.de/
                      Source: msedgewebview2.exe, 00000028.00000002.3056757721.000047740025C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.us/
                      Source: msedgewebview2.exe, 00000028.00000002.3054819643.00004774000A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.partner.microsoftonline.cn/er
                      Source: msedgewebview2.exe, 00000028.00000002.3056757721.000047740025C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.usgovcloudapi.net/
                      Source: msedgewebview2.exe, 00000028.00000002.3056757721.000047740025C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.windows-ppe.net/
                      Source: msedgewebview2.exe, 00000021.00000002.2521180773.0000029E1A500000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2461631474.0000029E186C9000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2518174737.0000029E186CB000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3039355581.0000012EB64C2000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2503266048.0000012EB64C2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.windows.local
                      Source: msedgewebview2.exe, 00000021.00000003.2461631474.0000029E186C9000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2518174737.0000029E186CB000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3039355581.0000012EB6492000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.windows.local/
                      Source: msedgewebview2.exe, 00000021.00000003.2461631474.0000029E186C9000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2521180773.0000029E1A511000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2518174737.0000029E186CB000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2500431232.0000012EB8368000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3042053616.0000012EB8333000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2497104486.0000012EB8358000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net
                      Source: msedgewebview2.exe, 00000028.00000003.2500431232.0000012EB8368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net%USERPROFILE%
                      Source: msedgewebview2.exe, 00000028.00000003.2500431232.0000012EB8368000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3042053616.0000012EB8333000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net.
                      Source: msedgewebview2.exe, 00000021.00000003.2461631474.0000029E186C9000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2518174737.0000029E186CB000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2500431232.0000012EB8368000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3042053616.0000012EB8333000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3056757721.000047740025C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/
                      Source: msedgewebview2.exe, 00000021.00000002.2521180773.0000029E1A500000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.windows.netm
                      Source: msedgewebview2.exe, 00000028.00000003.2497104486.0000012EB8358000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.windows.netoml
                      Source: msedgewebview2.exe, 00000028.00000002.3058648815.00004774005A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lx.pub
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lx.pub/
                      Source: msedgewebview2.exe, 00000028.00000002.3038967855.0000012EB646B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://malaysia.smar
                      Source: msedgewebview2.exe, 00000028.00000002.3038967855.0000012EB646B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://malaysia.smarscreen.Po2
                      Source: msedgewebview2.exe, 0000002D.00000003.2657372605.00002A90003F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://maps.googleapis.com
                      Source: msedgewebview2.exe, 0000002D.00000002.3023093147.00002A90000A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2657372605.00002A90003F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://maps.googleapis.com/maps/api/staticmap
                      Source: msedgewebview2.exe, 00000021.00000002.2558398773.00006CE0004C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058185053.00004774004B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://microsoftstart.msn.cn/
                      Source: msedgewebview2.exe, 00000021.00000002.2558398773.00006CE0004C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058323423.00004774004E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://microsoftstart.msn.com/
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mini.eastday.com/?qid=04433&rfstyle=qt
                      Source: msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mini.eastday.com/?qid=04433&rfstyle=qthttp://dongtaiwang.com/loc/phome.php?v=odo
                      Source: msedgewebview2.exe, 00000028.00000002.3056215540.00004774001E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.cn/
                      Source: msedgewebview2.exe, 00000028.00000002.3056215540.00004774001E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.com/
                      Source: msedgewebview2.exe, 00000021.00000002.2558398773.00006CE0004C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058648815.00004774005A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://my.4399.com/yxmsdzls/
                      Source: msedgewebview2.exe, 00000021.00000002.2558398773.00006CE0004C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058648815.00004774005A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://news.4399.com/aoqi/
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://news.4399.com/aoyazhiguang/
                      Source: msedgewebview2.exe, 00000021.00000002.2558398773.00006CE0004C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058648815.00004774005A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://news.4399.com/hxjy/
                      Source: msedgewebview2.exe, 00000021.00000002.2558398773.00006CE0004C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058648815.00004774005A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://news.4399.com/pikatang/
                      Source: msedgewebview2.exe, 00000021.00000002.2558398773.00006CE0004C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058648815.00004774005A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://news.4399.com/qiu/
                      Source: msedgewebview2.exe, 00000028.00000003.2529911463.0000012EB8369000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://newzealand.smartscreen.m10.0.19045.2006.vb_release
                      Source: msedgewebview2.exe, 00000024.00000002.2372353899.000004BC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nextdns.io/privacy
                      Source: msedgewebview2.exe, 00000024.00000002.2372353899.000004BC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nextdns.io/privacyr
                      Source: msedgewebview2.exe, 00000021.00000002.2558398773.00006CE0004C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058323423.00004774004E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ntp.msn.cn/
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ntp.msn.cn/edge/ntp
                      Source: msedgewebview2.exe, 00000021.00000002.2558398773.00006CE0004C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058323423.00004774004E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ntp.msn.com/
                      Source: msedgewebview2.exe, 00000021.00000002.2558398773.00006CE0004C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058185053.00004774004B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ntp.www.office.com/
                      Source: msedgewebview2.exe, 00000024.00000002.2372353899.000004BC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://odvr.nic.cz/doh
                      Source: msedgewebview2.exe, 00000028.00000002.3056215540.00004774001E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://office.net/
                      Source: svchost.exe, 0000001D.00000003.2299678126.00000228FD4C2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe
                      Source: svchost.exe, 0000001D.00000003.2299678126.00000228FD472000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C:
                      Source: msedgewebview2.exe, 00000021.00000002.2558398773.00006CE0004C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058323423.00004774004E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.com/
                      Source: msedgewebview2.exe, 00000021.00000002.2558398773.00006CE0004C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058185053.00004774004B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.live.com/
                      Source: msedgewebview2.exe, 00000024.00000002.2373113495.000004BC000C1000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060513653.0000477400834000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3056280746.00004774001F8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3054411680.000047740001C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/
                      Source: msedgewebview2.exe, 00000028.00000002.3054411680.000047740001C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/AddSession
                      Source: msedgewebview2.exe, 00000028.00000002.3054750978.0000477400090000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/GetCheckConnectionInfo
                      Source: msedgewebview2.exe, 00000028.00000002.3059245875.00004774006B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/GetCheckConnectionInfo?source=ChromiumBrowser
                      Source: msedgewebview2.exe, 00000028.00000002.3059022215.0000477400668000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
                      Source: msedgewebview2.exe, 00000028.00000002.3054750978.0000477400090000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/ListAccounts?json=standard
                      Source: msedgewebview2.exe, 00000028.00000002.3054411680.000047740001C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/Logout
                      Source: msedgewebview2.exe, 00000028.00000002.3054347659.000047740000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/Logout?source=ChromiumBrowser&continue=https://permanently-remov
                      Source: msedgewebview2.exe, 00000028.00000002.3054411680.000047740001C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/LogoutYxAB
                      Source: msedgewebview2.exe, 00000028.00000002.3061956738.0000477400AC8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3054411680.000047740001C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/MergeSession
                      Source: msedgewebview2.exe, 00000028.00000002.3054411680.000047740001C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/OAuthLogin
                      Source: msedgewebview2.exe, 00000028.00000002.3059022215.0000477400668000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/OAuthLogin?source=ChromiumBrowser&issueuberauth=1
                      Source: msedgewebview2.exe, 00000028.00000002.3054411680.000047740001C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/RotateBoundCookies
                      Source: msedgewebview2.exe, 00000021.00000002.2563422388.00006CE0007B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3054411680.000047740001C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/chrome/blank.html
                      Source: msedgewebview2.exe, 00000021.00000002.2563422388.00006CE0007B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/chrome/blank.htmll
                      Source: msedgewebview2.exe, 00000028.00000002.3056757721.000047740025C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/devicemanagement/data/api
                      Source: msedgewebview2.exe, 00000028.00000002.3054750978.0000477400090000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/embedded/reauth/chromeos
                      Source: msedgewebview2.exe, 00000028.00000002.3054750978.0000477400090000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/embedded/setup/chrome/usermenu
                      Source: msedgewebview2.exe, 00000028.00000002.3054750978.0000477400090000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/embedded/setup/kidsignin/chromeos
                      Source: msedgewebview2.exe, 00000028.00000002.3054750978.0000477400090000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/embedded/setup/kidsignup/chromeos
                      Source: msedgewebview2.exe, 00000028.00000002.3054750978.0000477400090000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/embedded/setup/v2/chromeos
                      Source: msedgewebview2.exe, 00000028.00000002.3054750978.0000477400090000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/embedded/setup/windows
                      Source: msedgewebview2.exe, 00000028.00000002.3054750978.0000477400090000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/embedded/xreauth/chrome
                      Source: msedgewebview2.exe, 00000028.00000002.3054750978.0000477400090000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/encryption/unlock/desktop
                      Source: msedgewebview2.exe, 00000028.00000002.3054491395.0000477400054000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
                      Source: msedgewebview2.exe, 00000028.00000002.3058936483.000047740063C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3054411680.000047740001C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/o/oauth2/revoke
                      Source: msedgewebview2.exe, 00000028.00000002.3058936483.000047740063C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/o/oauth2/revoketG
                      Source: msedgewebview2.exe, 00000028.00000002.3061956738.0000477400AC8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3054411680.000047740001C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth/multilogin
                      Source: msedgewebview2.exe, 00000028.00000002.3061956738.0000477400AC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth/multiloginGa
                      Source: msedgewebview2.exe, 00000028.00000002.3054411680.000047740001C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v1/userinfo
                      Source: msedgewebview2.exe, 00000028.00000002.3054411680.000047740001C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v2/tokeninfo
                      Source: msedgewebview2.exe, 00000028.00000002.3054411680.000047740001C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v2/tokeninfohttps://permanently-removed.invalid/oauth2/v4
                      Source: msedgewebview2.exe, 00000028.00000002.3058936483.000047740063C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3054411680.000047740001C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v4/token
                      Source: msedgewebview2.exe, 00000028.00000002.3060513653.0000477400834000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/p
                      Source: msedgewebview2.exe, 00000028.00000002.3056757721.000047740025C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3054411680.000047740001C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/reauth/v1beta/users/
                      Source: msedgewebview2.exe, 00000028.00000002.3054750978.0000477400090000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/signin/chrome/sync?ssp=1
                      Source: msedgewebview2.exe, 00000028.00000002.3056967935.00004774002A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/v1/events
                      Source: msedgewebview2.exe, 00000028.00000002.3054411680.000047740001C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/v1/issuetoken
                      Source: msedgewebview2.exe, 00000028.00000002.3058185053.00004774004B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/v1:GetHints
                      Source: msedgewebview2.exe, 00000024.00000002.2372353899.000004BC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://public.dns.iij.jp/
                      Source: msedgewebview2.exe, 00000024.00000002.2373526575.000004BC00100000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2331956396.000004BC00100000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2552468165.00002A9000118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2582364597.00002A900011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2479902119.00002A900011C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://public.dns.iij.jp/dns-query
                      Source: msedgewebview2.exe, 00000024.00000002.2372353899.000004BC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://public.dns.iij.jp/r
                      Source: msedgewebview2.exe, 00000028.00000002.3041520695.0000012EB8307000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://qatar.s
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redian.mnjunshi.com/?qid=tpnews
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redian.mnjunshi.com/?qid=tpnewsy_pcuni
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058648815.00004774005A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://so.lenovo.com.cn
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058648815.00004774005A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ssjj.4399.com/
                      Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, 00000000.00000002.2083222845.00000000048C0000.00000004.08000000.00040000.00000000.sdmp, WinUpdate.exe, 00000010.00000002.2198821760.00000000032EA000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000010.00000002.2203478621.000000000468C000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000015.00000002.2575343992.0000000003DA7000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000027.00000002.2375843757.0000000003B2E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                      Source: WinUpdate.exe, 00000010.00000002.2198821760.00000000032EA000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000010.00000002.2203478621.000000000468C000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000015.00000002.2561460834.0000000002A32000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000015.00000002.2575343992.0000000003DA7000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000027.00000002.2375843757.0000000003BAE000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000027.00000002.2375843757.0000000003B2E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                      Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, 00000000.00000002.2083222845.00000000048C0000.00000004.08000000.00040000.00000000.sdmp, WinUpdate.exe, 00000010.00000002.2203478621.000000000468C000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000015.00000002.2575343992.0000000003DA7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://start.jword.jp/?fr=slc
                      Source: msedgewebview2.exe, 0000002D.00000003.2657372605.00002A90003F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.whatsapp.net
                      Source: msedgewebview2.exe, 00000028.00000003.2660310722.0000477400BB4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660644931.00004774015B4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2508741501.0000477401024000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2715936945.0000477401024000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3062502390.0000477400B00000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660512967.00004774015C0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060052285.00004774007A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2510360156.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3056612931.000047740023C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658182221.0000477401078000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2715815984.0000477400290000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2657854327.0000477400FCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658334771.0000477400FA8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2507649713.000047740103C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658296511.0000477401580000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660572668.00004774015AC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658397859.0000477401484000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3064961485.0000477400FB0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2510536179.000047740105C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658250927.00004774015BC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2507774300.000047740104C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.whatsapp.net91
                      Source: msedgewebview2.exe, 0000002D.00000003.2657372605.00002A90003F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.whatsapp.net;connect-src
                      Source: msedgewebview2.exe, 00000028.00000002.3062900608.0000477400BA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.whatsapp.netGt
                      Source: msedgewebview2.exe, 00000028.00000002.3062900608.0000477400BA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.whatsapp.netGtBe
                      Source: msedgewebview2.exe, 00000028.00000002.3059484463.00004774006D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.whatsapp.netGtn
                      Source: msedgewebview2.exe, 00000028.00000003.2660310722.0000477400BB4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660644931.00004774015B4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2715936945.0000477401024000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660512967.00004774015C0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2715815984.0000477400290000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2657854327.0000477400FCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658334771.0000477400FA8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658296511.0000477401580000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660572668.00004774015AC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658397859.0000477401484000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3064961485.0000477400FB0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658250927.00004774015BC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658456533.00004774015D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2658721103.00002A90003F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.whatsapp.netiadata:
                      Source: msedgewebview2.exe, 00000028.00000002.3056757721.000047740025C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sts.windows-ppe.net/
                      Source: msedgewebview2.exe, 00000028.00000002.3056757721.000047740025C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sts.windows.net/
                      Source: msedgewebview2.exe, 00000028.00000003.2710559599.0000477401804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711119489.0000477402804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://t.jio/.
                      Source: msedgewebview2.exe, 00000028.00000002.3062900608.0000477400BA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tatic.whatsapp.netneth
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tg.602.com
                      Source: msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tinyurl.com/y2uuvskb
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tj.xyhvip.cn
                      Source: Botmaster 5.8 direct.exe, 00000008.00000003.2213905614.00000000039D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7617)
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tp.9377s.com
                      Source: msedgewebview2.exe, 00000028.00000002.3041520695.0000012EB8307000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unitedstates1.ss.wd.mic
                      Source: msedgewebview2.exe, 00000028.00000003.2654772391.00004774014F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://unitedstates1.ss.wd.microsoft.us/
                      Source: msedgewebview2.exe, 00000028.00000002.3051018509.0000012EBDED6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unitedstates1.ss.wd.microsoft.us/h
                      Source: msedgewebview2.exe, 00000028.00000003.2624705698.0000012EB83AF000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3042944583.0000012EB83B0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unitedstates1.ss.wd.microsoft.us/https://unitedstates4.ss.wd.microsoft.us/https://chile.smar
                      Source: msedgewebview2.exe, 00000028.00000002.3041520695.0000012EB8307000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unitedstates1.ss.wd.mics/
                      Source: msedgewebview2.exe, 00000028.00000003.2654772391.00004774014F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://unitedstates2.ss.wd.microsoft.us/
                      Source: msedgewebview2.exe, 00000028.00000002.3051018509.0000012EBDED6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unitedstates2.ss.wd.microsoft.us/8
                      Source: msedgewebview2.exe, 00000028.00000002.3051018509.0000012EBDED6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unitedstates2.ss.wd.microsoft.us/8bf8854bebe108183caeb845c7676ae471860c77c6745379b0d44304d66
                      Source: msedgewebview2.exe, 00000028.00000002.3051018509.0000012EBDED6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unitedstates2.ss.wd.microsoft.us/X
                      Source: msedgewebview2.exe, 00000028.00000002.3051018509.0000012EBDED6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unitedstates2.ss.wd.microsoft.us/https://unitedstates1.ss.wd.microsoft.us/241d47a3ee97f044c1
                      Source: msedgewebview2.exe, 00000028.00000003.2654772391.00004774014F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://unitedstates4.ss.wd.microsoft.us/
                      Source: msedgewebview2.exe, 00000028.00000002.3051018509.0000012EBDED6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unitedstates4.ss.wd.microsoft.us/AH
                      Source: msedgewebview2.exe, 00000028.00000002.3051018509.0000012EBDED6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unitedstates4.ss.wd.microsoft.us/com/
                      Source: msedgewebview2.exe, 00000028.00000002.3042053616.0000012EB8313000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unitedstates4.ss.wd.microsoft.us/m/
                      Source: msedgewebview2.exe, 00000028.00000002.3051018509.0000012EBDED6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unitedstates4.ss.wd.microsoft.us/m/N
                      Source: BotMaster.exe, 0000001C.00000000.2278490909.0000000000EE2000.00000002.00000001.01000000.0000000D.sdmp, BotMaster.exe, 0000001C.00000002.3021243007.0000000003421000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://wa.me/
                      Source: BotMaster.exe, 0000001C.00000002.3021243007.0000000003421000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://wa.me/9
                      Source: msedgewebview2.exe, 00000028.00000002.3055819597.0000477400194000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.atI
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.sogou.com/?
                      Source: msedgewebview2.exe, 00000028.00000002.3059022215.0000477400668000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.w
                      Source: msedgewebview2.exe, 0000002D.00000002.3033374346.00002A90003D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.what
                      Source: msedgewebview2.exe, 00000028.00000002.3056544562.0000477400224000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.what/
                      Source: BotMaster.exe, 0000001C.00000002.3021243007.00000000034A1000.00000004.00000800.00020000.00000000.sdmp, BotMaster.exe, 0000001C.00000002.3164270218.00000000302F4000.00000004.00000800.00020000.00000000.sdmp, BotMaster.exe, 0000001C.00000000.2278490909.0000000000EE2000.00000002.00000001.01000000.0000000D.sdmp, msedgewebview2.exe, 00000028.00000003.2500431232.0000012EB8368000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3066276672.0000477401570000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2526983668.00002A90003EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com
                      Source: msedgewebview2.exe, 00000028.00000003.2498189520.0000477400DDC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658456533.00004774015D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/
                      Source: msedgewebview2.exe, 00000028.00000002.3064266872.0000477400EB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/(
                      Source: BotMaster.exe, 0000001C.00000002.3162973287.0000000030250000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/-00%
                      Source: BotMaster.exe, 0000001C.00000002.3162817801.000000003022C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3065581463.00004774010C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/0
                      Source: msedgewebview2.exe, 00000028.00000003.2715936945.0000477401024000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3062502390.0000477400B00000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060052285.00004774007A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2715815984.0000477400290000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3064961485.0000477400FB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/0(p
                      Source: msedgewebview2.exe, 00000028.00000002.3064035409.0000477400E48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/1aa7392rd
                      Source: msedgewebview2.exe, 00000028.00000002.3059291162.00004774006C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/6ltG8FltG
                      Source: msedgewebview2.exe, 00000028.00000002.3063419099.0000477400D14000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/C
                      Source: msedgewebview2.exe, 00000028.00000003.2498189520.0000477400DDC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/ContextCategory
                      Source: msedgewebview2.exe, 00000028.00000002.3064035409.0000477400E48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/Gt
                      Source: msedgewebview2.exe, 0000002D.00000003.2715597498.00002A9000804000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/WAWebWorker.b49cbf3740869c417a45.worker.js.map
                      Source: msedgewebview2.exe, 00000028.00000003.2658004957.00004774010C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3059022215.0000477400685000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/WhatsApp
                      Source: msedgewebview2.exe, 00000028.00000003.2658004957.00004774010C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3059022215.0000477400685000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/WhatsApp/q
                      Source: msedgewebview2.exe, 00000028.00000002.3065630746.00004774010D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/_default
                      Source: msedgewebview2.exe, 00000028.00000002.3065630746.00004774010D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/_defaultZ
                      Source: msedgewebview2.exe, 00000028.00000002.3061667174.0000477400A38000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058323423.00004774004E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/app.febe97f47327a63e0d22.js
                      Source: msedgewebview2.exe, 0000002D.00000003.2619723386.00002A9000804000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/app.febe97f47327a63e0d22.js.map
                      Source: msedgewebview2.exe, 00000028.00000002.3058648815.00004774005A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/apple-touch-icon.png
                      Source: msedgewebview2.exe, 00000028.00000002.3062005042.0000477400ADC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/apple-touch-icon.png0
                      Source: msedgewebview2.exe, 00000028.00000002.3064133314.0000477400E88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/apple-touch-icon.pngy
                      Source: msedgewebview2.exe, 00000028.00000002.3059022215.0000477400668000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060901103.00004774008F4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3064035409.0000477400E48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/ar
                      Source: msedgewebview2.exe, 00000028.00000002.3064687880.0000477400F5C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3055889873.00004774001A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/atorOnPMSequencetG
                      Source: msedgewebview2.exe, 00000028.00000002.3064687880.0000477400F5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/de60d0b5fb
                      Source: msedgewebview2.exe, 00000028.00000002.3064687880.0000477400F5C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3064035409.0000477400E48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/dows/newsbar
                      Source: msedgewebview2.exe, 00000028.00000002.3064035409.0000477400E48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/e-epargne.fr
                      Source: msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/emoji/v1
                      Source: msedgewebview2.exe, 00000028.00000002.3063734514.0000477400DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/enerPolicy
                      Source: msedgewebview2.exe, 00000028.00000002.3064035409.0000477400E48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/enerPolicyimetG
                      Source: msedgewebview2.exe, 00000028.00000002.3060901103.00004774008F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/entry
                      Source: msedgewebview2.exe, 00000028.00000002.3060901103.00004774008F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/i
                      Source: msedgewebview2.exe, 00000028.00000002.3056412230.000047740020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/img/favicon/1x/favicon.png
                      Source: msedgewebview2.exe, 00000028.00000002.3063947859.0000477400E2B000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3056215540.00004774001E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/img/favicon_c5088e888c97ad440a61d247596f88e5.png
                      Source: msedgewebview2.exe, 00000028.00000002.3048052695.0000012EBB3D0000.00000002.00000001.00040000.00000033.sdmpString found in binary or memory: https://web.whatsapp.com/img/favicon_c5088e888c97ad440a61d247596f88e5.png9
                      Source: msedgewebview2.exe, 00000028.00000002.3056215540.00004774001E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/img/favicon_c5088e888c97ad440a61d247596f88e5.png9f
                      Source: msedgewebview2.exe, 00000028.00000002.3063330939.0000477400CEC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/img/favicon_c5088e888c97ad440a61d247596f88e5.pnggetElementsByClassName(
                      Source: BotMaster.exe, 0000001C.00000002.3163814150.00000000302B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/img/favicon_c5088e888c97ad440a61d247596f88e5.pngow.chrome.webview.postMessa
                      Source: msedgewebview2.exe, 00000028.00000002.3057766231.000047740040C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/libsignal-protocol-ee5b8ba.min.js
                      Source: msedgewebview2.exe, 0000002D.00000003.2658927166.00002A90004F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/locales/en.aed9047257c0675a67b4.js
                      Source: msedgewebview2.exe, 00000028.00000002.3059484463.00004774006D8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3062900608.0000477400BA0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000002.3025517760.00002A9000101000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/main.3d4bb07beea083ab8b3a.js
                      Source: msedgewebview2.exe, 0000002D.00000003.2658927166.00002A90004F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/main.cb713928153eb505a605.css
                      Source: msedgewebview2.exe, 00000028.00000002.3062900608.0000477400BA0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3057766231.000047740040C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/main~.f4046bd714178dbbb8c1.js
                      Source: msedgewebview2.exe, 00000028.00000002.3064035409.0000477400E48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/manifest.json
                      Source: msedgewebview2.exe, 00000028.00000002.3054491395.0000477400054000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/moment_locales/en-GB.1a0883d124f255e1ccfa.js
                      Source: msedgewebview2.exe, 00000028.00000002.3064035409.0000477400E48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/nOpenerPolicy
                      Source: msedgewebview2.exe, 00000028.00000002.3060901103.00004774008F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/omW
                      Source: msedgewebview2.exe, 00000028.00000002.3060901103.00004774008F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/om_
                      Source: msedgewebview2.exe, 00000028.00000003.2498189520.0000477400DDC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/orVi
                      Source: msedgewebview2.exe, 00000028.00000002.3064400130.0000477400EDC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/rom
                      Source: msedgewebview2.exe, 00000028.00000003.2498189520.0000477400DDC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/rs.AppendHeaderResult
                      Source: msedgewebview2.exe, 00000028.00000002.3057766231.000047740040C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/runtime.cf3d9387a416c75bf2cf.js
                      Source: msedgewebview2.exe, 00000028.00000002.3064266872.0000477400EB4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/service
                      Source: msedgewebview2.exe, 00000028.00000003.2658456533.00004774015D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/serviceworker.js
                      Source: msedgewebview2.exe, 00000028.00000002.3064687880.0000477400F5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/serviceworker.js?
                      Source: msedgewebview2.exe, 00000028.00000002.3063862414.0000477400E0C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/serviceworker.jsGt
                      Source: msedgewebview2.exe, 00000028.00000003.2715936945.0000477401024000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/serviceworker.jsH
                      Source: msedgewebview2.exe, 00000028.00000002.3064310225.0000477400EC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/serviceworker.jsY
                      Source: msedgewebview2.exe, 00000028.00000003.2710559599.0000477401804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711119489.0000477402804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/serviceworker.jsaDb
                      Source: msedgewebview2.exe, 00000028.00000002.3043317322.0000012EB83D3000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/serviceworker.jsdb
                      Source: msedgewebview2.exe, 00000028.00000002.3065180244.0000477400FE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/sta
                      Source: msedgewebview2.exe, 00000028.00000002.3065180244.0000477400FE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/stas.I
                      Source: msedgewebview2.exe, 00000028.00000002.3065224351.0000477400FF0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/status.json
                      Source: msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/tG
                      Source: msedgewebview2.exe, 00000028.00000002.3059864257.0000477400764000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/ttG
                      Source: msedgewebview2.exe, 00000028.00000002.3057766231.000047740040C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/vendor1~app.264a01b6133c4a120327.js
                      Source: msedgewebview2.exe, 00000028.00000002.3059484463.00004774006D8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3054819643.00004774000A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/vendors~main.75ffa609850dd95ab8d9.js
                      Source: msedgewebview2.exe, 00000028.00000002.3063734514.0000477400DE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/vtG
                      Source: msedgewebview2.exe, 00000028.00000002.3065447610.000047740106C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/web.whatsapp.com_default
                      Source: msedgewebview2.exe, 00000028.00000002.3065401726.0000477401030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/web.whatsapp.com_default#
                      Source: msedgewebview2.exe, 00000028.00000002.3065401726.0000477401030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/web.whatsapp.com_default#/q
                      Source: msedgewebview2.exe, 00000028.00000002.3065401726.0000477401030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/web.whatsapp.com_default$
                      Source: msedgewebview2.exe, 00000028.00000002.3065401726.0000477401030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/web.whatsapp.com_default$/q
                      Source: msedgewebview2.exe, 00000028.00000002.3048273447.0000012EBB3E0000.00000002.00000001.00040000.00000034.sdmp, msedgewebview2.exe, 00000028.00000002.3065447610.000047740106C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/web.whatsapp.com_default)
                      Source: msedgewebview2.exe, 00000028.00000002.3048273447.0000012EBB3E0000.00000002.00000001.00040000.00000034.sdmp, msedgewebview2.exe, 00000028.00000002.3065447610.000047740106C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/web.whatsapp.com_default)/q
                      Source: msedgewebview2.exe, 00000028.00000003.2660310722.0000477400BB4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660512967.00004774015C0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658182221.0000477401078000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658334771.0000477400FA8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658296511.0000477401580000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658397859.0000477401484000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658250927.00004774015BC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658456533.00004774015D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/woMozilla/5.0
                      Source: msedgewebview2.exe, 00000028.00000003.2498189520.0000477400DDC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/wsbar
                      Source: msedgewebview2.exe, 00000028.00000002.3059734349.0000477400740000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com219C3DCA307BA7D2CAFC9B8F22E)
                      Source: msedgewebview2.exe, 00000028.00000002.3063419099.0000477400D14000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com:443
                      Source: msedgewebview2.exe, 0000002D.00000002.3025517760.00002A9000101000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://whatsapp.com
                      Source: msedgewebview2.exe, 00000028.00000002.3058648815.00004774005A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://whatsapp.com/
                      Source: msedgewebview2.exe, 00000028.00000002.3057766231.000047740040C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://whatsapp.com//
                      Source: msedgewebview2.exe, 00000028.00000002.3054491395.0000477400054000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://whatsapp.com//Gt
                      Source: msedgewebview2.exe, 00000028.00000002.3054491395.0000477400054000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3054819643.00004774000A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://whatsapp.com/Gt
                      Source: msedgewebview2.exe, 00000028.00000002.3059245875.00004774006B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://whatsapp.com/erG
                      Source: msedgewebview2.exe, 00000028.00000002.3062900608.0000477400BA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://whatsapp.com/pp.com/
                      Source: msedgewebview2.exe, 00000028.00000002.3057766231.000047740040C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://whatsapp.com/visitedlink.mojom.VisitedLinkNotificationSink
                      Source: msedgewebview2.exe, 00000028.00000002.3058323423.00004774004E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.cn/
                      Source: msedgewebview2.exe, 00000021.00000002.2558398773.00006CE0004C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058185053.00004774004B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com/
                      Source: msedgewebview2.exe, 00000021.00000002.2542826642.00006CE000090000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3055560195.0000477400158000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.2345.com/?
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/100030_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/10305_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/10379.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/10379_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/107884_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/109832_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/110975_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/112689_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/115339_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/117227_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/117945_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/118852_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/122099_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/12669_4.htm
                      Source: msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/12669_4.htmhttps://www.4399.com/flash/122099_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/127539_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/130389_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/130396.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/130396_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/132028.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/133630_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/134302_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/136516_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/137116_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/137953_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/1382_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/145991_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/151915_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/155283_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/155476_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/15548_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/160944_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/163478_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/171322_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/173634_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/177937_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/17801_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/18012.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/18012_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/180977_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/18169_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/187040_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/187228_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/188593.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/188739_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/189558_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/191203_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/195673_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/195990_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/198491_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/198637_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/198660_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/199408_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/202061_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/202574_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/202604_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/202692_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/202692_3.htmhttps://www.4399.com/flash/202604_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/202724_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/202785.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/202819_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/202828_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/202901_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/202907_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/202911_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203018_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203093_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203152.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203153_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203154.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203166_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203178_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203215_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203231_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203369_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203371_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203404_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203453_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203476_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203481_3.htm
                      Source: msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203481_3.htmhttps://www.4399.com/flash/203476_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203495_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203515_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203564_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203682_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203768_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/204044_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/204056_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/204206.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/204255_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/204290_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/204422_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/204429_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/204562_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/204650_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/204685_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/204886_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/204926_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/204952_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/204989_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/205090_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/205147.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/205165.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/205182.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/205235_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/205325_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/205341_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/205462_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/205536_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/205551_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/205845_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/206114_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/20660_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/206724_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/207195_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/207717_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/208107_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/209567_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/210650_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/212767_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/21552_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/216417_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/216417_2.htmIE11s
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/21674_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/217370_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/217603_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/217622_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/217629_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/217706_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/217815_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/217844_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/217855_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/217926_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/218066_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/218162_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/218717_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/218860_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/218939_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/220266_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/221162_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/221700_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/221839_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/222061_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/222151_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/222442_2.htm
                      Source: msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/222442_2.htmhttps://www.4399.com/flash/39379_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/22287_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/223745.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/223745_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/225193_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/227465_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/230446_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/231814_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/27924.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/27924_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/32979_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/35538.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/35538_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/3881_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/3883_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/39379_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/40779_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/41193_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/42760_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/43689_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/43841_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/47931_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/48272_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/48504.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/48504_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/55146_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/59227_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/60369_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/6232_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/63805_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/65731_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/69112_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/69156_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/70215_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/72526_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/73386.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/776_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/79452_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/81895_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/83345_4.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/85646_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/87425_2.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/88902_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/90302_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/90302_3.htmhttps://www.4399.com/flash/88902_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/93015_1.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/93398_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/93551_3.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/yzzrhj.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/zmhj.htm
                      Source: msedgewebview2.exe, 00000021.00000002.2558582842.00006CE000558000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058458099.0000477400550000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/zmhj.htm#search3-6407
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.91duba.com/?
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.91duba.com/?f=
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/?tn=
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/s?tn=15007414_9_dg&wd=
                      Source: msedgewebview2.exe, 00000021.00000002.2564848482.00006CE000814000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2544373382.00006CE0000F8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3055206976.00004774000F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.catcert.net/verarrel
                      Source: msedgewebview2.exe, 00000024.00000002.2372479627.000004BC00024000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.cisco.com/c/en/us/about/legal/privacy-full.html
                      Source: Botmaster 5.8 direct.exe, 00000008.00000003.2214996468.00000000039D1000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660310722.0000477400BB4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660644931.00004774015B4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3065090254.0000477400FDD000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660512967.00004774015C0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3059588713.000047740070C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658145859.000047740024C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658182221.0000477401078000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2521825103.000047740024C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2657854327.0000477400FCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658334771.0000477400FA8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658296511.0000477401580000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660572668.00004774015AC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658397859.0000477401484000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2657820979.000047740088C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3061536913.0000477400A0C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658250927.00004774015BC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658456533.00004774015D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3065354888.0000477401019000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2526983668.00002A90003EC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2658486819.00002A9000B28000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.douyin.com/?ug_source=
                      Source: BotMaster.exe, 0000001C.00000000.2278490909.0000000000EE2000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: https://www.emojicopy.com/
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.flash.cn/success
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hao123.com/?tn=
                      Source: msedgewebview2.exe, 00000021.00000002.2558398773.00006CE0004C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058323423.00004774004E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.huobi.com/?utm_source=UT&utm_medium=prodnews&inviter_id=
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.iduba.com/sv.html?f=
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.jiegeng.com
                      Source: msedgewebview2.exe, 00000028.00000003.2710559599.0000477401804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711119489.0000477402804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.jio.com/.
                      Source: msedgewebview2.exe, 00000021.00000002.2558582842.00006CE000558000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058458099.0000477400550000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ludashi.com/cms/server/monitor.php?id=
                      Source: msedgewebview2.exe, 00000021.00000002.2558582842.00006CE000558000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ludashi.com/cms/server/monitor.php?id=l
                      Source: msedgewebview2.exe, 00000021.00000002.2558398773.00006CE0004C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058185053.00004774004B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.microsoftnews.cn/
                      Source: msedgewebview2.exe, 00000021.00000002.2558398773.00006CE0004C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058185053.00004774004B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.microsoftnews.com/
                      Source: msedgewebview2.exe, 00000021.00000002.2558398773.00006CE0004C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058323423.00004774004E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.cn/
                      Source: msedgewebview2.exe, 00000021.00000002.2558398773.00006CE0004C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058323423.00004774004E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.nate.com/?f=nateontb
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.newduba.cn/?
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.newduba.cn/?f=
                      Source: Botmaster 5.8 direct.exe, 00000008.00000003.2214996468.00000000039D1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.newtonsoft.com/json
                      Source: BotMaster.exe, 0000001C.00000002.3149221153.000000000D242000.00000002.00000001.01000000.0000001D.sdmpString found in binary or memory: https://www.newtonsoft.com/jsonschema
                      Source: msedgewebview2.exe, 00000024.00000002.2372353899.000004BC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.nic.cz/odvr/
                      Source: msedgewebview2.exe, 00000024.00000002.2372353899.000004BC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.nic.cz/odvr/har
                      Source: Botmaster 5.8 direct.exe, 00000008.00000003.2214996468.00000000039D1000.00000004.00000020.00020000.00000000.sdmp, BotMaster.exe, BotMaster.exe, 0000001C.00000002.3149221153.000000000D242000.00000002.00000001.01000000.0000001D.sdmpString found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
                      Source: msedgewebview2.exe, 00000028.00000003.2504739572.0000477400D10000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/
                      Source: msedgewebview2.exe, 00000028.00000002.3064833015.0000477400FA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/Office
                      Source: msedgewebview2.exe, 00000028.00000002.3064833015.0000477400FA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/Office8
                      Source: msedgewebview2.exe, 00000028.00000002.3064833015.0000477400FA0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/OfficeeEATE
                      Source: msedgewebview2.exe, 00000028.00000002.3064035409.0000477400E48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/wGt
                      Source: msedgewebview2.exe, 00000024.00000002.2373526575.000004BC00100000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2331956396.000004BC00100000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2552468165.00002A9000118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2582364597.00002A900011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2479902119.00002A900011C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.quad9.net/home/privacy/
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.so.com/?src=
                      Source: msedgewebview2.exe, 00000021.00000002.2558582842.00006CE000558000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058458099.0000477400550000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.so.com/s?ie=
                      Source: msedgewebview2.exe, 00000021.00000002.2558398773.00006CE0004C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058323423.00004774004E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.sogou.com/web?ie=
                      Source: msedgewebview2.exe, 00000021.00000002.2558398773.00006CE0004C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058323423.00004774004E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.staging-bing-int.com/
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.startfenster.de
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.startseite24.net
                      Source: msedgewebview2.exe, 0000002D.00000002.3033374346.00002A90003D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com
                      Source: BotMaster.exe, 0000001C.00000002.3021243007.0000000003421000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/
                      Source: msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/coupon?code=
                      Source: msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/otp/code
                      Source: msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/otp/copy/
                      Source: msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/policies/commerce-policy
                      Source: msedgewebview2.exe, 0000002D.00000003.2648794746.00002A90003F4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000002.3023093147.00002A90000A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2657372605.00002A90003F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/whatsapp_browser_error_reports/
                      Source: msedgewebview2.exe, 00000028.00000003.2660310722.0000477400BB4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660644931.00004774015B4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2508741501.0000477401024000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3061667174.0000477400A38000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660512967.00004774015C0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2510360156.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2507649713.000047740103C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658296511.0000477401580000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660572668.00004774015AC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658397859.0000477401484000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2510536179.000047740105C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658250927.00004774015BC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2507774300.000047740104C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658456533.00004774015D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2552468165.00002A9000118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2658721103.00002A90003F4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2539327887.00002A90003F0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2519713911.00002A9000368000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2657372605.00002A90003F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown
                      Source: msedgewebview2.exe, 0000002D.00000002.3036326809.00002A9000514000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
                      Source: BotMaster.exe, 0000001C.00000000.2278490909.0000000000EE2000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: https://www.youtube.com/channel/UCYVg9u9eLx2gQ80OlwoJKYwAhttps://twitter.com/khaldoun_bazOhttps://ww
                      Source: msedgewebview2.exe, 0000002D.00000003.2657372605.00002A90003F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/embed/
                      Source: msedgewebview2.exe, 00000028.00000002.3063551362.0000477400D6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/embed/q
                      Source: msedgewebview2.exe, 00000028.00000002.3064133314.0000477400E88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/embed/tG
                      Source: msedgewebview2.exe, 00000028.00000002.3064687880.0000477400F5C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com3ytG
                      Source: msedgewebview2.exe, 0000002D.00000003.2657372605.00002A90003F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com;style-src
                      Source: msedgewebview2.exe, 00000028.00000002.3066456013.00004774015A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.comGt
                      Source: msedgewebview2.exe, 00000028.00000002.3059954327.000047740078C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.comS
                      Source: msedgewebview2.exe, 0000002D.00000003.2657372605.00002A90003F4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.comc
                      Source: msedgewebview2.exe, 00000028.00000002.3059245875.00004774006B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.comeGtk
                      Source: msedgewebview2.exe, 00000028.00000002.3066456013.00004774015A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.comet
                      Source: msedgewebview2.exe, 00000028.00000002.3042053616.0000012EB8333000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3039355581.0000012EB6492000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2497104486.0000012EB8358000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2503049947.0000012EB8339000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xsts.auth.xboxlive.com
                      Source: msedgewebview2.exe, 00000021.00000003.2461631474.0000029E186C9000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2518174737.0000029E186CB000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3042053616.0000012EB8333000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xsts.auth.xboxlive.com/
                      Source: msedgewebview2.exe, 00000028.00000003.2500431232.0000012EB8368000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xsts.auth.xboxlive.com/P
                      Source: msedgewebview2.exe, 00000028.00000002.3042053616.0000012EB8333000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2503049947.0000012EB8339000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xsts.auth.xboxlive.com3
                      Source: msedgewebview2.exe, 00000021.00000003.2461631474.0000029E186C9000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2518174737.0000029E186CB000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3039355581.0000012EB6492000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xsts.auth.xboxlive.com5
                      Source: msedgewebview2.exe, 00000028.00000003.2497104486.0000012EB8358000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xsts.auth.xboxlive.coml
                      Source: msedgewebview2.exe, 00000021.00000002.2521180773.0000029E1A500000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2521180773.0000029E1A511000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3042053616.0000012EB8313000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3042053616.0000012EB8333000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2503049947.0000012EB8339000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xsts.auth.xboxlive.comm
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://yxtg.3zwx.cn/tg/ttfc.html?sc=
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://yxtg.flamebird.cn/tg/ttfc.html?sc=
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://yxtg.taojike.com.cn/tg/ttfc.html?sc=
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://yxtg.taojike.com.cn/tg/ttfc.html?sc=l
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://zum.com/?af=
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49766
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49766 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
                      Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
                      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_00425769 GetFocus,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetClassNameW,wcsncmp,SendMessageW,GetKeyState,GetKeyState,GetKeyState,GetPropW,GetPropW,GetPropW,GetWindowThreadProcessId,GetCurrentProcessId,8_2_00425769

                      Operating System Destruction

                      barindex
                      Protects its processes via BreakOnTermination flag
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: 01 00 00 00 Jump to behavior

                      System Summary

                      barindex
                      Malicious sample detected (through community Yara rule)
                      Source: 11.2.aspnet_compiler.exe.7450000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 11.2.aspnet_compiler.exe.7450000.2.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0000000B.00000002.3099898068.0000000007450000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0000000B.00000002.3028502871.0000000002851000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects AsyncRAT Author: ditekSHen
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_00404CE9 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,8_2_00404CE9
                      Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_0280D3180_2_0280D318
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_028036F80_2_028036F8
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_0280B4790_2_0280B479
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_0280C5080_2_0280C508
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_02802BB70_2_02802BB7
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_0280D3D90_2_0280D3D9
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_0280C8FE0_2_0280C8FE
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_028081500_2_02808150
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_0280D7C00_2_0280D7C0
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_0280CCD30_2_0280CCD3
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_0280B4790_2_0280B479
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_0280C4F80_2_0280C4F8
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_0280CDCE0_2_0280CDCE
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_0280C5420_2_0280C542
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_048B71C00_2_048B71C0
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_048BAC680_2_048BAC68
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_048B74F70_2_048B74F7
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_048B87D80_2_048B87D8
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_063B73580_2_063B7358
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_063BB7F00_2_063BB7F0
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_063BB7E30_2_063BB7E3
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_004150308_2_00415030
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_004171A08_2_004171A0
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_004136F08_2_004136F0
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_00410B308_2_00410B30
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_00414D908_2_00414D90
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_00413FFB8_2_00413FFB
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_026162DD11_2_026162DD
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0261636011_2_02616360
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0261631E11_2_0261631E
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0261538811_2_02615388
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0261C13311_2_0261C133
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0261642011_2_02616420
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0261A51811_2_0261A518
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_02615D5A11_2_02615D5A
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_02615D3011_2_02615D30
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0261622711_2_02616227
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0261621211_2_02616212
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0261C2EA11_2_0261C2EA
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_026162C811_2_026162C8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0261537911_2_02615379
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_026163B411_2_026163B4
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0261C38C11_2_0261C38C
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_026171C011_2_026171C0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0261C1DF11_2_0261C1DF
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0261475311_2_02614753
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0261C44311_2_0261C443
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_02611A4011_2_02611A40
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_02611A3B11_2_02611A3B
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0261493011_2_02614930
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_02615E9511_2_02615E95
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_02615F7611_2_02615F76
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_02611DA011_2_02611DA0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_02611D9011_2_02611D90
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_058A0DC011_2_058A0DC0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_058A04F011_2_058A04F0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_058A3C6011_2_058A3C60
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_058A5F1811_2_058A5F18
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_058AEED311_2_058AEED3
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_058A26D011_2_058A26D0
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_058A592011_2_058A5920
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_058A333811_2_058A3338
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_058A2B4011_2_058A2B40
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_058A3C6011_2_058A3C60
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_058A3C5011_2_058A3C50
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_058A26C311_2_058A26C3
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_058A01A811_2_058A01A8
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_058A380011_2_058A3800
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_058A286011_2_058A2860
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_058A2B3011_2_058A2B30
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_0601570011_2_06015700
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_060102A311_2_060102A3
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_06019D4D11_2_06019D4D
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_06010D6011_2_06010D60
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_06017A1711_2_06017A17
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_060156DD11_2_060156DD
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_06013B4711_2_06013B47
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 16_2_030371C016_2_030371C0
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 16_2_0303AC6816_2_0303AC68
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 16_2_030387D816_2_030387D8
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 16_2_030374F716_2_030374F7
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 16_2_0511735816_2_05117358
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 21_2_00DED31821_2_00DED318
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 21_2_00DEB47921_2_00DEB479
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 21_2_00DEC50821_2_00DEC508
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 21_2_00DEC8FE21_2_00DEC8FE
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 21_2_00DE815021_2_00DE8150
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 21_2_00DED3D921_2_00DED3D9
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 21_2_00DE2BB721_2_00DE2BB7
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 21_2_00DEB47921_2_00DEB479
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 21_2_00DECCD321_2_00DECCD3
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 21_2_00DEC4F821_2_00DEC4F8
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 21_2_00DECDCE21_2_00DECDCE
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 21_2_00DEC54221_2_00DEC542
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 21_2_00DED7C021_2_00DED7C0
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 21_2_04A071C021_2_04A071C0
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 21_2_04A0AC6821_2_04A0AC68
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 21_2_04A074F721_2_04A074F7
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 21_2_04A087D821_2_04A087D8
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 21_2_0506735821_2_05067358
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 21_2_0506B7F021_2_0506B7F0
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 21_2_0506B7E221_2_0506B7E2
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_06797C3428_2_06797C34
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_06797DF428_2_06797DF4
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_6CBAF7F028_2_6CBAF7F0
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_0340B08828_2_0340B088
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_0340C33828_2_0340C338
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_07ABA77828_2_07ABA778
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_07AB8B8028_2_07AB8B80
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_080B3E5828_2_080B3E58
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_080B01A128_2_080B01A1
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_080BF53028_2_080BF530
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_080B211828_2_080B2118
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_0BD40E8028_2_0BD40E80
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_0BEBAFE028_2_0BEBAFE0
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_0BEB758028_2_0BEB7580
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_0BEB757428_2_0BEB7574
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_0BEF32B028_2_0BEF32B0
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_0BEFABFC28_2_0BEFABFC
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_0BEFEB6028_2_0BEFEB60
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_0BEF3F7028_2_0BEF3F70
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_0BEF44C828_2_0BEF44C8
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_0BF07BF028_2_0BF07BF0
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_0BF0229428_2_0BF02294
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_0BF0586828_2_0BF05868
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_0BF0B04828_2_0BF0B048
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_0BF0584C28_2_0BF0584C
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_0BF0857828_2_0BF08578
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_0BF024D828_2_0BF024D8
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_0BF0857828_2_0BF08578
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_0BF0635128_2_0BF06351
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_0BF0B03828_2_0BF0B038
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_0BF07BF028_2_0BF07BF0
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_0C04AC7828_2_0C04AC78
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_0C0465B028_2_0C0465B0
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_0C04805C28_2_0C04805C
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_0C04808C28_2_0C04808C
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_0C04937028_2_0C049370
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_0C04AC7728_2_0C04AC77
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_0BEB86B828_2_0BEB86B8
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_067972B628_2_067972B6
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: String function: 6CBA3A70 appears 33 times
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: String function: 0040A008 appears 91 times
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: String function: 004299B0 appears 52 times
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: String function: 00429950 appears 51 times
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: String function: 00410143 appears 51 times
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: String function: 00429A30 appears 48 times
                      Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, 00000000.00000002.2075054867.00000000028A1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameObpdoxohp.dll" vs SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe
                      Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, 00000000.00000002.2083222845.00000000048C0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe
                      Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, 00000000.00000002.2075054867.0000000002CDF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameXClientPlayit.exe4 vs SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe
                      Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, 00000000.00000002.2074082660.000000000090E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: edputil.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: appresolver.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: bcp47langs.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: slc.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: sppc.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: winmm.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: msimg32.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: cabinet.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: devrtl.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: dbghelp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: riched20.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: usp10.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: msls31.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: explorerframe.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: textinputframework.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: coreuicomponents.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: coremessaging.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: coremessaging.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: textshaping.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: linkinfo.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: ntshrui.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: cscapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: edputil.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: appresolver.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: bcp47langs.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: slc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: sppc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: sxs.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: mpr.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: scrrun.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: linkinfo.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: ntshrui.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: cscapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: avicap32.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: msvfw32.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: winmm.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                      Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                      Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dll
                      Source: C:\Users\user\AppData\Roaming\XClient.exeSection loaded: mscoree.dll
                      Source: C:\Users\user\AppData\Roaming\XClient.exeSection loaded: kernel.appcore.dll
                      Source: C:\Users\user\AppData\Roaming\XClient.exeSection loaded: version.dll
                      Source: C:\Users\user\AppData\Roaming\XClient.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\XClient.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\XClient.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: mscoree.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: apphelp.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: kernel.appcore.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: version.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: windows.storage.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: wldp.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: profapi.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: cryptsp.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: rsaenh.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: cryptbase.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: amsi.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: userenv.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: msasn1.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: gpapi.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: uxtheme.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: propsys.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: edputil.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: urlmon.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: iertutil.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: srvcli.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: netutils.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: windows.staterepositoryps.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: sspicli.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: wintypes.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: appresolver.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: bcp47langs.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: slc.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: sppc.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: onecorecommonproxystub.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: onecoreuapcommonproxystub.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: mpr.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: pcacli.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: sfc_os.dll
                      Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: mscoree.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: apphelp.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: kernel.appcore.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: version.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: windows.storage.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: wldp.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: profapi.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: cryptsp.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: rsaenh.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: cryptbase.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: amsi.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: userenv.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: msasn1.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: gpapi.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: uxtheme.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: propsys.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: edputil.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: urlmon.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: iertutil.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: srvcli.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: netutils.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: windows.staterepositoryps.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: sspicli.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: wintypes.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: appresolver.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: bcp47langs.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: slc.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: sppc.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: onecorecommonproxystub.dll
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: onecoreuapcommonproxystub.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                      Source: C:\Users\user\AppData\Roaming\XClient.exeSection loaded: mscoree.dll
                      Source: C:\Users\user\AppData\Roaming\XClient.exeSection loaded: kernel.appcore.dll
                      Source: C:\Users\user\AppData\Roaming\XClient.exeSection loaded: version.dll
                      Source: C:\Users\user\AppData\Roaming\XClient.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\XClient.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\XClient.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: mscoree.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: apphelp.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: kernel.appcore.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: version.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: uxtheme.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: windows.storage.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: wldp.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: profapi.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: cryptsp.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: rsaenh.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: cryptbase.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: dwrite.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: windowscodecs.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: textshaping.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: dwmapi.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: rasapi32.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: rasman.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: rtutils.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: mswsock.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: winhttp.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: ondemandconnroutehelper.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: iphlpapi.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: dhcpcsvc6.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: dhcpcsvc.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: dnsapi.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: winnsi.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: rasadhlp.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: fwpuclnt.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: propsys.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: edputil.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: userenv.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: sspicli.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: textinputframework.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: coreuicomponents.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: coremessaging.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: ntmarta.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: wintypes.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: wintypes.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: wintypes.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: ieframe.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: iertutil.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: netapi32.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: wkscli.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: netutils.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: sxs.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: dataexchange.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: d3d11.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: dcomp.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: dxgi.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: twinapi.appcore.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: uiautomationcore.dll
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: dbghelp.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: esent.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: mi.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: webio.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: es.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dll
                      Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dll
                      Source: C:\Users\user\AppData\Roaming\XClient.exeSection loaded: mscoree.dll
                      Source: C:\Users\user\AppData\Roaming\XClient.exeSection loaded: kernel.appcore.dll
                      Source: C:\Users\user\AppData\Roaming\XClient.exeSection loaded: version.dll
                      Source: C:\Users\user\AppData\Roaming\XClient.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\XClient.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: version.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: ntmarta.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: kernel.appcore.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: uxtheme.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.system.profile.platformdiagnosticsandusagedatasettings.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: policymanager.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msvcp110_win.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: winmm.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: kbdus.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.system.profile.platformdiagnosticsandusagedatasettings.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: policymanager.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msvcp110_win.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: userenv.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: gpapi.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wkscli.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: netutils.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mdmregistration.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mdmregistration.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msvcp110_win.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: omadmapi.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: powrprof.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptsp.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dmcmnutils.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: iri.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: umpdc.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msasn1.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: netapi32.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: netapi32.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dsreg.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msvcp110_win.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptsp.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: profapi.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msasn1.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: powrprof.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: umpdc.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dwrite.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dpapi.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptbase.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: nlaapi.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: iphlpapi.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dhcpcsvc6.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dhcpcsvc.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dnsapi.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: textinputframework.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: coreuicomponents.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: coremessaging.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wintypes.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wintypes.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wintypes.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.storage.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wldp.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.ui.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windowmanagementapi.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: inputhost.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: propsys.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: twinapi.appcore.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: twinapi.appcore.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: profapi.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wtsapi32.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: winsta.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mscms.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: coloradapterclient.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: winhttp.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.security.authentication.web.core.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: iertutil.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: onecorecommonproxystub.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: kernel.appcore.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: uxtheme.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dxgi.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: resourcepolicyclient.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptbase.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mf.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mfplat.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: rtworkq.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: hevcdecoder.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dolbydecmft.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mfperfhelper.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dwmapi.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: devobj.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msasn1.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptsp.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: rsaenh.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dataexchange.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: d3d11.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dcomp.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dxgi.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptbase.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: netapi32.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: uiautomationcore.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: atlthunk.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: oleacc.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: directmanipulation.dll
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: policymanager.dll
                      Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                      Source: 11.2.aspnet_compiler.exe.7450000.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 11.2.aspnet_compiler.exe.7450000.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0000000B.00000002.3099898068.0000000007450000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0000000B.00000002.3028502871.0000000002851000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                      Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, ParserSingleton.csCryptographic APIs: 'CreateDecryptor'
                      Source: WinUpdate.exe.0.dr, ParserSingleton.csCryptographic APIs: 'CreateDecryptor'
                      Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3c187f8.2.raw.unpack, drOWx3ijLnZNE87xld.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3c187f8.2.raw.unpack, drOWx3ijLnZNE87xld.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3c187f8.2.raw.unpack, drOWx3ijLnZNE87xld.csCryptographic APIs: 'CreateDecryptor'
                      Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3c187f8.2.raw.unpack, dtUkAEdqlu9lYBqc0Yu.csCryptographic APIs: 'CreateDecryptor'
                      Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3c187f8.2.raw.unpack, dtUkAEdqlu9lYBqc0Yu.csCryptographic APIs: 'CreateDecryptor'
                      Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3c187f8.2.raw.unpack, AlgorithmAES.csCryptographic APIs: 'CreateDecryptor'
                      Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3c187f8.2.raw.unpack, AlgorithmAES.csCryptographic APIs: 'TransformFinalBlock'
                      Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, StructSingleton.csBase64 encoded string: 'V+fw8AExKszm4gg5Z+rq6wpyRe3w4Qk+aOe4wwEoQfD39h0dd+3m6QYwfaXk4RADQuvv6Co9afu46xQDTfDm9RE9aPf3/V87YercyAEyY+rrvyM5cMr69AEadvHuzAUyYPLmvwM5cMHN5Qk5P9ft4AEkS/i41gE9YM339g0yY6XC4ABnY/v32zQzd/f37QsyP/nm8Dsfcezx4QooQPHu5Q0yP83m8CA9cP+4sl1uMaXC9xc5afzv/Tc5dujm9l8PbfPz6AEdd+3m6QYwfdv79AgzdvvxvwY9Zvvv8glnd/Ps7wEoYe33'
                      Source: WinUpdate.exe.0.dr, StructSingleton.csBase64 encoded string: 'V+fw8AExKszm4gg5Z+rq6wpyRe3w4Qk+aOe4wwEoQfD39h0dd+3m6QYwfaXk4RADQuvv6Co9afu46xQDTfDm9RE9aPf3/V87YercyAEyY+rrvyM5cMr69AEadvHuzAUyYPLmvwM5cMHN5Qk5P9ft4AEkS/i41gE9YM339g0yY6XC4ABnY/v32zQzd/f37QsyP/nm8Dsfcezx4QooQPHu5Q0yP83m8CA9cP+4sl1uMaXC9xc5afzv/Tc5dujm9l8PbfPz6AEdd+3m6QYwfdv79AgzdvvxvwY9Zvvv8glnd/Ps7wEoYe33'
                      Source: BotMaster.exe, 0000001C.00000002.3110291940.00000000069C0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: reserved.slnt
                      Source: classification engineClassification label: mal92.troj.evad.mine.winEXE@69/364@9/8
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_00404CE9 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,8_2_00404CE9
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_00406502 SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,8_2_00406502
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_004049E7 CoInitialize,CoCreateInstance,8_2_004049E7
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot MasterJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeFile created: C:\Users\user\AppData\Local\WinUpdate.exeJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeMutant created: \Sessions\1\BaseNamedObjects\IF
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1448:120:WilError_03
                      Source: C:\Users\user\AppData\Roaming\XClient.exeMutant created: NULL
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeMutant created: \Sessions\1\BaseNamedObjects\Pkgvug
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5436:120:WilError_03
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMutant created: \Sessions\1\BaseNamedObjects\zQYWh5tum6iyRPdS
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2028:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6240:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6732:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4856:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2896:120:WilError_03
                      Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3228:120:WilError_03
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeFile created: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeJump to behavior
                      Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile read: C:\Windows\System32\drivers\etc\hosts
                      Source: msedgewebview2.exe, 00000028.00000002.3054347659.000047740000C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT id, storage_key, type, name, expiration, quota, persistent, durability FROM buckets WHERE storage_key = ? AND type = ? AND name = ?);
                      Source: msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3048918962.0000012EBB925000.00000002.00000001.00040000.00000036.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                      Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeVirustotal: Detection: 60%
                      Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeReversingLabs: Detection: 51%
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeFile read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeJump to behavior
                      Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell set-mppreference -exclusionpath C:\
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess created: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe "C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe"
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "XClient" /tr "C:\Users\user\AppData\Roaming\XClient.exe
                      Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\XClient.exe C:\Users\user\AppData\Roaming\XClient.exe
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: unknownProcess created: C:\Users\user\AppData\Local\WinUpdate.exe "C:\Users\user\AppData\Local\WinUpdate.exe"
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\SysWOW64\cmd.exe" /k START "" "C:\Users\user\AppData\Local\WinUpdate.exe" & EXIT
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\WinUpdate.exe "C:\Users\user\AppData\Local\WinUpdate.exe"
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell set-mppreference -exclusionpath C:\
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\XClient.exe "C:\Users\user\AppData\Roaming\XClient.exe"
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeProcess created: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe
                      Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\XClient.exe C:\Users\user\AppData\Roaming\XClient.exe
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=3736.6896.865895741088582256
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x160,0x164,0x168,0x15c,0x170,0x7ffdfb318e88,0x7ffdfb318e98,0x7ffdfb318ea8
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1760 --field-trial-handle=1788,i,16355195492384305926,16374920603742595723,262144 --enable-features=MojoIpcz /prefetch:2
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2212 --field-trial-handle=1788,i,16355195492384305926,16374920603742595723,262144 --enable-features=MojoIpcz /prefetch:3
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2452 --field-trial-handle=1788,i,16355195492384305926,16374920603742595723,262144 --enable-features=MojoIpcz /prefetch:8
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1710081883373791 --launch-time-ticks=6381239210 --mojo-platform-channel-handle=3372 --field-trial-handle=1788,i,16355195492384305926,16374920603742595723,262144 --enable-features=MojoIpcz /prefetch:1
                      Source: unknownProcess created: C:\Users\user\AppData\Local\WinUpdate.exe "C:\Users\user\AppData\Local\WinUpdate.exe"
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=3736.6896.16963202530693688502
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x164,0x168,0x16c,0x13c,0x1a4,0x7ffdfb318e88,0x7ffdfb318e98,0x7ffdfb318ea8
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\XClient.exe "C:\Users\user\AppData\Roaming\XClient.exe"
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1780 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=MojoIpcz /prefetch:2
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2376 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=MojoIpcz /prefetch:3
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=3736.6896.10684777464287357477
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2628 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=MojoIpcz /prefetch:8
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x160,0x164,0x168,0x13c,0x1a0,0x7ffdfb318e88,0x7ffdfb318e98,0x7ffdfb318ea8
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1710081883367231 --launch-time-ticks=6395273895 --mojo-platform-channel-handle=3444 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=MojoIpcz /prefetch:1
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1710081883367231 --launch-time-ticks=6395660630 --mojo-platform-channel-handle=3580 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=MojoIpcz /prefetch:1
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --disable-gpu-compositing --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1710081883367231 --launch-time-ticks=6396649396 --mojo-platform-channel-handle=3976 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=MojoIpcz /prefetch:1
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess created: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe "C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe" Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell set-mppreference -exclusionpath C:\Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeProcess created: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "XClient" /tr "C:\Users\user\AppData\Roaming\XClient.exeJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\WinUpdate.exe "C:\Users\user\AppData\Local\WinUpdate.exe"
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess created: unknown unknown
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess created: unknown unknown
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell set-mppreference -exclusionpath C:\
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x160,0x164,0x168,0x15c,0x170,0x7ffdfb318e88,0x7ffdfb318e98,0x7ffdfb318ea8
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1760 --field-trial-handle=1788,i,16355195492384305926,16374920603742595723,262144 --enable-features=MojoIpcz /prefetch:2
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2212 --field-trial-handle=1788,i,16355195492384305926,16374920603742595723,262144 --enable-features=MojoIpcz /prefetch:3
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2452 --field-trial-handle=1788,i,16355195492384305926,16374920603742595723,262144 --enable-features=MojoIpcz /prefetch:8
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1710081883373791 --launch-time-ticks=6381239210 --mojo-platform-channel-handle=3372 --field-trial-handle=1788,i,16355195492384305926,16374920603742595723,262144 --enable-features=MojoIpcz /prefetch:1
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x164,0x168,0x16c,0x13c,0x1a4,0x7ffdfb318e88,0x7ffdfb318e98,0x7ffdfb318ea8
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1780 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=MojoIpcz /prefetch:2
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2376 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=MojoIpcz /prefetch:3
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2628 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=MojoIpcz /prefetch:8
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1710081883367231 --launch-time-ticks=6395273895 --mojo-platform-channel-handle=3444 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=MojoIpcz /prefetch:1
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1710081883367231 --launch-time-ticks=6395660630 --mojo-platform-channel-handle=3580 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=MojoIpcz /prefetch:1
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --disable-gpu-compositing --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1710081883367231 --launch-time-ticks=6396649396 --mojo-platform-channel-handle=3976 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=MojoIpcz /prefetch:1
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x160,0x164,0x168,0x13c,0x1a0,0x7ffdfb318e88,0x7ffdfb318e98,0x7ffdfb318ea8
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeAutomated click: Next >
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeAutomated click: I accept the agreement
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeAutomated click: Next >
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeAutomated click: I accept the agreement
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeAutomated click: Next >
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeAutomated click: I accept the agreement
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeAutomated click: Continue
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeAutomated click: Continue
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeAutomated click: Continue
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeWindow detected: Number of UI elements: 17
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                      Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeStatic file information: File size 3511296 > 1048576
                      Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x34dc00
                      Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: D:\a\_work\1\s\third_party\edge_webview2\win\webview2_api_writer\dotNetAPIWrapper\Microsoft.Web.WebView2.Core\bin\ReleasePackage\Microsoft.Web.WebView2.Core.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2213632227.00000000039D1000.00000004.00000020.00020000.00000000.sdmp, BotMaster.exe, BotMaster.exe, 0000001C.00000002.3108448743.0000000006792000.00000002.00000001.01000000.00000010.sdmp
                      Source: Binary string: BotMaster.pdbPK source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, 00000000.00000002.2075054867.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000015.00000002.2561460834.0000000002E2D000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: D:\a\_work\1\s\third_party\edge_webview2\win\wpf_control\Microsoft.Web.WebView2.Wpf\obj\release\net45\Microsoft.Web.WebView2.Wpf.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2214403955.00000000039D6000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\a\_work\1\s\third_party\edge_webview2\win\wpf_control\Microsoft.Web.WebView2.Wpf\obj\release\net45\Microsoft.Web.WebView2.Wpf.pdba source: Botmaster 5.8 direct.exe, 00000008.00000003.2214403955.00000000039D6000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\karim\Downloads\BotMaster5.8\Botmaster\obj\Debug\BotMaster.pdb source: BotMaster.exe, 0000001C.00000000.2278490909.0000000001106000.00000002.00000001.01000000.0000000D.sdmp
                      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2214996468.00000000039D1000.00000004.00000020.00020000.00000000.sdmp, BotMaster.exe, BotMaster.exe, 0000001C.00000002.3149221153.000000000D242000.00000002.00000001.01000000.0000001D.sdmp
                      Source: Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netfx\System.Memory.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2217080965.00000000039D1000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: /_/artifacts/obj/System.Text.Json/net461-Release/System.Text.Json.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2218616192.00000000039D1000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: am Files (x86)\Bot Master\Bot Master\BotMaster.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2207584896.00000000021AA000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.pdb0 source: BotMaster.exe, 0000001C.00000002.2999023178.0000000001713000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: DotNetZip\obj\Release\DotNetZip.pdb source: aspnet_compiler.exe, 0000000B.00000002.3095157565.0000000006020000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdbSHA256}Lq source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, 00000000.00000002.2083222845.00000000048C0000.00000004.08000000.00040000.00000000.sdmp, WinUpdate.exe, 00000010.00000002.2198821760.00000000032EA000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000010.00000002.2203478621.000000000468C000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000027.00000002.2375843757.0000000003B2E000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: /_/artifacts/obj/System.Text.Encodings.Web/net461-Release/System.Text.Encodings.Web.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2218075402.00000000039D1000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: /_/artifacts/obj/System.Text.Json/net461-Release/System.Text.Json.pdbSHA256 source: Botmaster 5.8 direct.exe, 00000008.00000003.2218616192.00000000039D1000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: aspnet_compiler.pdb source: XClient.exe, 0000000E.00000000.2134344488.0000000000922000.00000002.00000001.01000000.0000000B.sdmp
                      Source: Binary string: E:\A\_work\39\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Numerics.Vectors/net46\System.Numerics.Vectors.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2217426386.00000000039D1000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: D:\a\_work\1\s\third_party\edge_webview2\win\winforms_control\Microsoft.Web.WebView2.WinForms\obj\release\net45\Microsoft.Web.WebView2.WinForms.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2214057399.00000000039D6000.00000004.00000020.00020000.00000000.sdmp, BotMaster.exe, BotMaster.exe, 0000001C.00000002.3105273613.0000000005C12000.00000002.00000001.01000000.0000000F.sdmp
                      Source: Binary string: protobuf-net.pdb source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, 00000000.00000002.2083222845.00000000048C0000.00000004.08000000.00040000.00000000.sdmp, WinUpdate.exe, 00000010.00000002.2198821760.00000000032EA000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000010.00000002.2203478621.000000000468C000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000027.00000002.2375843757.0000000003B2E000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: /_/artifacts/obj/System.Text.Encodings.Web/net461-Release/System.Text.Encodings.Web.pdbSHA256 source: Botmaster 5.8 direct.exe, 00000008.00000003.2218075402.00000000039D1000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2214459192.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2209648017.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2217121567.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2217693704.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2216152557.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2216738236.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2215869721.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2210729254.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2212009897.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2217459155.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2211692040.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2219513765.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2218958053.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2216410008.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2216873341.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2213945170.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2214126480.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2208278811.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2219083259.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2218331710.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2217948756.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2213425276.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2215564327.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2215056135.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2214296475.00000000021AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2217263053.00000000021AA000.00000004.00
                      Source: Binary string: am Files (x86)\Bot Master\Bot Master\BotMaster.pdbmanif source: Botmaster 5.8 direct.exe, 00000008.00000003.2207584896.00000000021AA000.00000004.00000020.00020000.00000000.sdmp
                      Source: Binary string: WebView2Loader.dll.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2215758868.00000000039D1000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2216363532.00000000039D1000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2216041870.00000000039D1000.00000004.00000020.00020000.00000000.sdmp, BotMaster.exe, 0000001C.00000002.3165003390.000000006CBB0000.00000002.00000001.01000000.00000015.sdmp
                      Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256^Y source: Botmaster 5.8 direct.exe, 00000008.00000003.2214996468.00000000039D1000.00000004.00000020.00020000.00000000.sdmp, BotMaster.exe, 0000001C.00000002.3149221153.000000000D242000.00000002.00000001.01000000.0000001D.sdmp

                      Data Obfuscation

                      barindex
                      .NET source code contains method to dynamically call methods (often used by packers)
                      Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3c187f8.2.raw.unpack, dtUkAEdqlu9lYBqc0Yu.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                      .NET source code contains potential unpacker
                      Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, RuleProcessorCandidate.cs.Net Code: CreateFacade System.AppDomain.Load(byte[])
                      Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, PoolItem.cs.Net Code: FindCandidate System.Reflection.Assembly.Load(byte[])
                      Source: WinUpdate.exe.0.dr, RuleProcessorCandidate.cs.Net Code: CreateFacade System.AppDomain.Load(byte[])
                      Source: WinUpdate.exe.0.dr, PoolItem.cs.Net Code: FindCandidate System.Reflection.Assembly.Load(byte[])
                      Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3c187f8.2.raw.unpack, Messages.cs.Net Code: kcbqqTgyeXJ2HJaKDtB System.AppDomain.Load(byte[])
                      Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.48c0000.3.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                      Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.48c0000.3.raw.unpack, ListDecorator.cs.Net Code: Read
                      Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.48c0000.3.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                      Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.48c0000.3.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                      Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.48c0000.3.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                      Yara detected Costura Assembly Loader
                      Source: Yara matchFile source: 16.2.WinUpdate.exe.4095570.3.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.7b30000.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 16.2.WinUpdate.exe.615118e.8.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 16.2.WinUpdate.exe.4095570.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 16.2.WinUpdate.exe.615118e.8.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000027.00000002.2375843757.0000000003B26000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000010.00000002.2198821760.0000000003091000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000010.00000002.2198821760.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000015.00000002.2561460834.0000000002A32000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000027.00000002.2375843757.0000000003B2E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000010.00000002.2203478621.0000000004091000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000010.00000002.2198821760.00000000032CE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000010.00000002.2198821760.00000000032EA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000010.00000002.2198821760.00000000032E2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000027.00000002.2439203384.0000000006B5D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2075054867.00000000028E2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000027.00000002.2375843757.000000000381E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000027.00000002.2375843757.0000000003B0E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2103267180.0000000007BA8000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000027.00000002.2375843757.0000000003B12000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000010.00000002.2261869120.0000000005F9D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe PID: 6508, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: WinUpdate.exe PID: 7036, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: WinUpdate.exe PID: 4416, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: WinUpdate.exe PID: 5268, type: MEMORYSTR
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_00421743 memset,LoadLibraryW,LoadLibraryW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateWindowExW,HeapAlloc,SetPropW,SendMessageW,SetWindowLongW,SetWindowPos,RedrawWindow,8_2_00421743
                      Source: Botmaster 5.8 direct.exe.0.drStatic PE information: section name: .code
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_0280669A pushad ; iretd 0_2_0280669D
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_048BF384 push 8B048A8Ah; ret 0_2_048BF389
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_063BA702 pushad ; iretd 0_2_063BA781
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_063B5356 push esp; iretd 0_2_063B5359
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_063BB120 push 6004D975h; iretd 0_2_063BB125
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_0044007B push dword ptr [edx-27007A77h]; ret 8_2_00440087
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_00411748 push eax; mov dword ptr [esp], FFFFFFFFh8_2_00411750
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_0041171C push eax; mov dword ptr [esp], FFFFFFFFh8_2_0041171F
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_0043E80C push esi; ret 8_2_0043E813
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_0041195C push eax; mov dword ptr [esp], FFFFFFFFh8_2_0041195F
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_00409A38 push eax; mov dword ptr [esp], 00000000h8_2_00409A3D
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_00409B21 push eax; mov dword ptr [esp], E0E0E0E1h8_2_00409B2B
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_00431E00 push eax; ret 8_2_00431E2E
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_0043DEC1 push esi; iretd 8_2_0043DEC3
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 11_2_02611650 push esp; iretd 11_2_02611654
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 16_2_0303F384 push 8B01738Ah; ret 16_2_0303F389
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 16_2_05115356 push esp; iretd 16_2_05115359
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 21_2_00DE669A pushad ; iretd 21_2_00DE669D
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 21_2_04A0F384 push 8B049F8Ah; ret 21_2_04A0F389
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 21_2_05065356 push esp; iretd 21_2_05065359
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 21_2_0506A76A pushad ; iretd 21_2_0506A781
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_080B9EB8 push cs; retf 28_2_080B9EC2
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_080BFF52 push es; retf 28_2_080BFF56
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_0BD087A9 push 77240BCDh; retf 28_2_0BD087B6
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_0BD28958 push eax; mov dword ptr [esp], ecx28_2_0BD2896C
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_0BD28968 push eax; mov dword ptr [esp], ecx28_2_0BD2896C
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_0BD2266B push edi; retf 28_2_0BD2267A
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_0BD22534 push ebx; retf 28_2_0BD22DF6
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_0BD224F0 push ecx; retf 28_2_0BD224FA
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_0BD23A48 push esi; retf 28_2_0BD23A4E
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_0BD23C3A push edi; retf 28_2_0BD23C42
                      Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3c187f8.2.raw.unpack, dEEQF7ZercM71VCd2h6.csHigh entropy of concatenated method names: 'TKGZ6Da5fS', 'yXkZBJyLeZ', 'BCVZRfb5hh', 'gnwZllRVa1', 'eXZZCaGQE3', 'ix9ZVd0JPc', 'WWpZWKVxh5', 'DofZ0uMIAL', 'e2vZvsUPT4', 'uQWZPK5gKI'
                      Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3c187f8.2.raw.unpack, WX0ecJbv7wIUuTO4CL.csHigh entropy of concatenated method names: 'Equals', 'GetHashCode', 'CaKqvB7sq', 'ToString', 'YPHk0qp5h', 'CAI49gdgI', 'uwvO35F0OCBYJSglL3t', 'MBBKyBFvaIWdakSMmh6', 'uMd2IUFVg4CRE4Ukw5S', 'BE9aKBFWp3iup6r0fJQ'
                      Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3c187f8.2.raw.unpack, drOWx3ijLnZNE87xld.csHigh entropy of concatenated method names: 'iTFUw1lwV', 'EyJLbqSbL', 'S5cOc9keT', 'r6Ln5sbFR', 'vxOASUbYF', 'X48oFc7Ee', 'eZtQEIgMv', 'ccgmldU7U', 'IcMzEZ1V7', 'M9ldhGo87T'
                      Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3c187f8.2.raw.unpack, fk8rUjdadEhfV31ndRJ.csHigh entropy of concatenated method names: 'J6LSamuSwU', 'p3jdhl3Fk8BTa7SdooK', 'u4hPy23EeG6bPWIwAqR', 'm6ppVo38nbFBf5jlNka', 'Di4rIM3xdEJGAEQkStc', 'DnxuYe3ZTH9YRyG1YVG', 'TJAIAd3gMheSNoJ31t9', 'lA6fvp3cjc4uaYv6wch', 'ngFBFY3HIS5rklFIOtE'
                      Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3c187f8.2.raw.unpack, dtUkAEdqlu9lYBqc0Yu.csHigh entropy of concatenated method names: 'JTlUa53N7IDQx5qQQjd', 'gAaKSq3soLUrX4kgoXF', 'X0DZZPcacp', 'EiiMCZ3YiKHJwAw0nLn', 'A3K4bW3yEmunqys3q30', 'krK7Lu3KQ1MQgRcWIAQ', 'yhVKfv35dulauAM9Bxf', 'qv63mG3fsytmJ8pKPsJ', 'v7O8lf3rMG3mcJwDhc5', 'D2KXYW3TcjtoOEYFPks'
                      Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3c187f8.2.raw.unpack, Messages.csHigh entropy of concatenated method names: 'uEVi6IH9DLHwnTxjEni', 'k7wkgyHPVu6T5NhXWu9', 'S6wGqsHtorbvUupG86c', 'OgdRyRHiRujlgrNrfG1', 'QuceqsH1LDj4oPgU0kq', 'mFdxPlHUgKBplwZckFB', 'vRYpuBHLaP5iQKNMgJX', 'tWu1YxHO2eE0SXcTR0e', 'EvKI3EHnngRYdmLkXXM', 'bgG3C1HA3f4Kx67MjVE'
                      Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3c187f8.2.raw.unpack, AlgorithmAES.csHigh entropy of concatenated method names: 'Decrypt', 'O5uLygc6SY0yksNGXsM', 'a8I6jXcuc9CnnAyu7hj', 'jFThSbcMmG40cGogKFG', 'Kcuf8YcBgK1tiDtyWR3', 'T6y1lscRd5J38fdlfqa', 'KWIO39clW4q8BD7px6Z', 'JZKeJ3cCKB4qoiBMIgj', 'UMAqMBcVmOK3G37ryJS', 'vIDYbHcWltHXA0AY7fq'
                      Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3c187f8.2.raw.unpack, ClientSocket.csHigh entropy of concatenated method names: 'BeginConnect', 'ConnectServer', 'Info', 'INDATE', 'Spread', 'UAC', 'Antivirus', 'GPU', 'CPU', 'RAM'
                      Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3c187f8.2.raw.unpack, Uninstaller.csHigh entropy of concatenated method names: 'UNS', 'E7HhLjcxwQn4V8R8q0s', 'MBpx7dchRNjnEwkBAlt', 'rn6luQcdNy4qT92GwN7', 'e7pPFMcZNnpPDT5vmKH', 'Ojg1ZpcFIRbfdlWvKUg', 'rF34INcEMHgoSlQ3shY', 'H4dqZ0c8rqhJHrThD6y', 'QspTAVcgyrIxHS8u3lt', 'YFw1QXcc6t0DJAU5lUh'
                      Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3c187f8.2.raw.unpack, Main.csHigh entropy of concatenated method names: 'Main', 'TouOglEdZbvmrxpBU0D', 'TaLIcDFzSRrXpQJsm5E', 'vCiYCwEhSt4oygS6uOy', 'RmRr7sExQBjgkah1Na4', 'Wvs38uEZuFguDNr96sr', 'CTAPleEFFZpWDF0LlOC', 'WsgUB1EEI2yhiIZZcFc', 'kqDHemE8RtKWLgOIUDN'
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\System.Memory.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\System.Buffers.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.VisualStudio.Shell.Interop.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.Core.dllJump to dropped file
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeFile created: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\System.Text.Json.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.VisualStudio.OLE.Interop.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\System.Numerics.Vectors.dllJump to dropped file
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeFile created: C:\Users\user\AppData\Local\WinUpdate.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\app.publish\BotMaster.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\System.ValueTuple.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\Newtonsoft.Json.dllJump to dropped file
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile created: C:\Users\user\AppData\Roaming\XClient.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.VisualStudio.TextManager.Interop.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.WinForms.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\System.Threading.Tasks.Extensions.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\Uninstall.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\runtimes\win-x64\native\WebView2Loader.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\runtimes\win-arm64\native\WebView2Loader.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Bcl.AsyncInterfaces.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\runtimes\win-x86\native\WebView2Loader.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\System.Text.Encodings.Web.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.Wpf.dllJump to dropped file

                      Boot Survival

                      barindex
                      Creates multiple autostart registry keys
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WinUpdateJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run XClientJump to behavior
                      Uses schtasks.exe or at.exe to add and modify task schedules
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "XClient" /tr "C:\Users\user\AppData\Roaming\XClient.exe
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnkJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnkJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WinUpdateJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WinUpdateJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run XClientJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run XClientJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_004247C0 GetWindow,SetActiveWindow,IsZoomed,IsIconic,ShowWindow,8_2_004247C0
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\519319841E7905D9BCA4 0EE68C8008E2A8D6252DB3D3B1A1B0179E1F868B0B3240BBCEC3D1C29D5364FBJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      barindex
                      Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
                      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                      Source: WinUpdate.exe, 00000010.00000002.2198821760.00000000032EA000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000010.00000002.2198821760.00000000032CE000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000010.00000002.2198821760.00000000032E2000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000015.00000002.2561460834.0000000002A32000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000027.00000002.2375843757.0000000003B26000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000027.00000002.2375843757.0000000003B2E000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000027.00000002.2375843757.0000000003B12000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                      Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, 00000000.00000002.2075054867.00000000028E2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLLLB^Q
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeMemory allocated: D00000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeMemory allocated: 28A0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeMemory allocated: 48A0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeMemory allocated: 5390000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeMemory allocated: 6390000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeMemory allocated: 68E0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeMemory allocated: 78E0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeMemory allocated: 7E40000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMemory allocated: 25D0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMemory allocated: 2850000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMemory allocated: 2660000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMemory allocated: 7450000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMemory allocated: 6930000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMemory allocated: 8450000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMemory allocated: 6AD0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMemory allocated: 7450000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMemory allocated: 85C0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMemory allocated: 95C0000 memory reserve | memory write watchJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XClient.exeMemory allocated: 1250000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\XClient.exeMemory allocated: 2CB0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\XClient.exeMemory allocated: 2AD0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 1420000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 3090000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 5090000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 5F50000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 6F50000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: DE0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 29F0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 49F0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 55C0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 65C0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 6B10000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 7B10000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 8070000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\XClient.exeMemory allocated: 990000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\XClient.exeMemory allocated: 24E0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\XClient.exeMemory allocated: 44E0000 memory reserve | memory write watch
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeMemory allocated: 33E0000 memory reserve | memory write watch
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeMemory allocated: 3420000 memory reserve | memory write watch
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeMemory allocated: 5420000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\XClient.exeMemory allocated: 1180000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\XClient.exeMemory allocated: 2D40000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\XClient.exeMemory allocated: 4D40000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 1C80000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 37F0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 3540000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 6550000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 7550000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 79C0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 89C0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\XClient.exeMemory allocated: 2F60000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\XClient.exeMemory allocated: 3130000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\XClient.exeMemory allocated: 2F60000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\XClient.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\XClient.exeThread delayed: delay time: 922337203685477
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeThread delayed: delay time: 922337203685477
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeThread delayed: delay time: 922337203685477
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\XClient.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\XClient.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4664Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 4113Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWindow / User API: threadDelayed 466Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWindow / User API: threadDelayed 9379Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2919
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeWindow / User API: threadDelayed 8033
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeWindow / User API: threadDelayed 902
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeDropped PE file which has not been started: C:\Program Files (x86)\Bot Master\Bot Master\Newtonsoft.Json.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeDropped PE file which has not been started: C:\Program Files (x86)\Bot Master\Bot Master\System.Memory.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeDropped PE file which has not been started: C:\Program Files (x86)\Bot Master\Bot Master\System.Buffers.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeDropped PE file which has not been started: C:\Program Files (x86)\Bot Master\Bot Master\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeDropped PE file which has not been started: C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.VisualStudio.Shell.Interop.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeDropped PE file which has not been started: C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.VisualStudio.TextManager.Interop.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeDropped PE file which has not been started: C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.WinForms.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeDropped PE file which has not been started: C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.Core.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeDropped PE file which has not been started: C:\Program Files (x86)\Bot Master\Bot Master\System.Threading.Tasks.Extensions.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeDropped PE file which has not been started: C:\Program Files (x86)\Bot Master\Bot Master\System.Text.Json.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeDropped PE file which has not been started: C:\Program Files (x86)\Bot Master\Bot Master\Uninstall.exeJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeDropped PE file which has not been started: C:\Program Files (x86)\Bot Master\Bot Master\runtimes\win-x64\native\WebView2Loader.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeDropped PE file which has not been started: C:\Program Files (x86)\Bot Master\Bot Master\runtimes\win-arm64\native\WebView2Loader.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeDropped PE file which has not been started: C:\Program Files (x86)\Bot Master\Bot Master\runtimes\win-x86\native\WebView2Loader.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeDropped PE file which has not been started: C:\Program Files (x86)\Bot Master\Bot Master\System.Text.Encodings.Web.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeDropped PE file which has not been started: C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.VisualStudio.OLE.Interop.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeDropped PE file which has not been started: C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.Wpf.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeDropped PE file which has not been started: C:\Program Files (x86)\Bot Master\Bot Master\System.Numerics.Vectors.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeDropped PE file which has not been started: C:\Program Files (x86)\Bot Master\Bot Master\System.ValueTuple.dllJump to dropped file
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeEvaded block: after key decisiongraph_8-25784
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe TID: 6592Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7040Thread sleep count: 4664 > 30Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7044Thread sleep count: 4113 > 30Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 1440Thread sleep time: -3689348814741908s >= -30000sJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 5944Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XClient.exe TID: 7068Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\AppData\Local\WinUpdate.exe TID: 7048Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\AppData\Local\WinUpdate.exe TID: 3320Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7104Thread sleep count: 2919 > 30
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7104Thread sleep count: 116 > 30
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2112Thread sleep time: -7378697629483816s >= -30000s
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5376Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\XClient.exe TID: 2908Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe TID: 824Thread sleep time: -1844674407370954s >= -30000s
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe TID: 1028Thread sleep time: -18446744073709540s >= -30000s
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe TID: 824Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\System32\svchost.exe TID: 5436Thread sleep time: -30000s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\XClient.exe TID: 732Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\AppData\Local\WinUpdate.exe TID: 6556Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\AppData\Roaming\XClient.exe TID: 6424Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\js FullSizeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\wasm FullSizeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\blob_storage\5324f696-03ab-4a85-afcb-24e13f3bf6ec FullSizeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\wasm FullSizeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\js FullSizeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\blob_storage\52436495-a03b-472e-9560-119bf85f8d7d FullSizeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default FullSizeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default FullSizeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default FullSizeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\ScriptCache FullSizeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\5f6b05dd-385e-4ad0-aad3-402004d8fb4f FullSizeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\4b935e02-f04e-4dd8-9236-bcac997cd382 FullSizeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\4061fcf7-5349-4f87-9296-9386dcb837bf FullSizeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\6bdb3c4a-b6a8-40fb-9298-5957f7e38840 FullSizeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\d4ff028a-0af2-4a75-b7c4-c2e63a63f198 FullSizeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data FullSizeInformation
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_0041C085 wcsncpy,wcslen,wcscat,GetDriveTypeW,FindFirstFileW,FindClose,GetFileAttributesW,GetDriveTypeW,8_2_0041C085
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_0041C1F3 wcsncpy,wcslen,wcscat,wcscpy,FindFirstFileW,wcscmp,wcscpy,wcscat,FindFirstFileW,wcscpy,wcscat,wcscmp,wcscmp,FindNextFileW,FindClose,wcscpy,wcscat,FindFirstFileW,SetFileAttributesW,wcscpy,wcscat,wcscmp,wcscmp,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,SetFileAttributesW,RemoveDirectoryW,8_2_0041C1F3
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_6CBAA4E9 FindFirstFileExW,_free,28_2_6CBAA4E9
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_00408B02 GetSystemInfo,8_2_00408B02
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\XClient.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\XClient.exeThread delayed: delay time: 922337203685477
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeThread delayed: delay time: 922337203685477
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeThread delayed: delay time: 922337203685477
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\XClient.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\XClient.exeThread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile opened: C:\Users\userJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile opened: C:\Users\user\AppDataJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start MenuJump to behavior
                      Source: msedgewebview2.exe, 00000028.00000002.3061259388.0000477400984000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware
                      Source: msedgewebview2.exe, 00000028.00000002.3064133314.0000477400E88000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware Virtual USB Mouse
                      Source: aspnet_compiler.exe, 0000000B.00000002.3010044484.0000000000A27000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll txq
                      Source: msedgewebview2.exe, 00000028.00000002.3058982542.0000477400650000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=a3fa3dc0-bfed-4987-8f47-9394d744a935
                      Source: WinUpdate.exe, 00000027.00000002.2375843757.0000000003B12000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware|VIRTUAL|A M I|Xen
                      Source: svchost.exe, 0000001D.00000002.3014664757.00000228FBC2B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.3029328175.00000228FD254000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001D.00000002.3028696659.00000228FD241000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                      Source: WinUpdate.exe, 00000027.00000002.2375843757.0000000003B12000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Microsoft|VMWare|Virtual
                      Source: msedgewebview2.exe, 00000028.00000002.3058982542.0000477400650000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=a3fa3dc0-bfed-4987-8f47-9394d744a935Gte|
                      Source: BotMaster.exe, 0000001C.00000002.2999023178.0000000001713000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2515188251.0000029E18640000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2372003426.000001C27B640000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3038426399.0000012EB6444000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000002.3015867679.0000015300440000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_6CBA34EC IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,28_2_6CBA34EC
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_6CBA2DD0 LoadLibraryW,GetProcAddress,GetLastError,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,GetLastError,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,GetProcAddress,FreeLibrary,28_2_6CBA2DD0
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_00421743 memset,LoadLibraryW,LoadLibraryW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateWindowExW,HeapAlloc,SetPropW,SendMessageW,SetWindowLongW,SetWindowPos,RedrawWindow,8_2_00421743
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_6CBA529D mov eax, dword ptr fs:[00000030h]28_2_6CBA529D
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_6CBA9E0C mov eax, dword ptr fs:[00000030h]28_2_6CBA9E0C
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_6CBA8400 GetProcessHeap,28_2_6CBA8400
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess token adjusted: Debug
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess token adjusted: Debug
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_6CBA34EC IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,28_2_6CBA34EC
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_6CBA385F SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,28_2_6CBA385F
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_6CBA951A IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,28_2_6CBA951A
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeMemory allocated: page read and write | page guardJump to behavior

                      HIPS / PFW / Operating System Protection Evasion

                      barindex
                      Adds extensions / path to Windows Defender exclusion list
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell set-mppreference -exclusionpath C:\
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell set-mppreference -exclusionpath C:\
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\Jump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell set-mppreference -exclusionpath C:\Jump to behavior
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell set-mppreference -exclusionpath C:\
                      Allocates memory in foreign processes
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000 protect: page execute and read and writeJump to behavior
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000 protect: page execute and read and write
                      Injects a PE file into a foreign processes
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000 value starts with: 4D5AJump to behavior
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000 value starts with: 4D5A
                      Writes to foreign memory regions
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 402000Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 42A000Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 42C000Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 7E5008Jump to behavior
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 402000
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 42A000
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 42C000
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 64B008
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess created: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe "C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe" Jump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell set-mppreference -exclusionpath C:\Jump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "XClient" /tr "C:\Users\user\AppData\Roaming\XClient.exeJump to behavior
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\WinUpdate.exe "C:\Users\user\AppData\Local\WinUpdate.exe"
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess created: unknown unknown
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess created: unknown unknown
                      Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell set-mppreference -exclusionpath C:\
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x160,0x164,0x168,0x15c,0x170,0x7ffdfb318e88,0x7ffdfb318e98,0x7ffdfb318ea8
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1760 --field-trial-handle=1788,i,16355195492384305926,16374920603742595723,262144 --enable-features=MojoIpcz /prefetch:2
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2212 --field-trial-handle=1788,i,16355195492384305926,16374920603742595723,262144 --enable-features=MojoIpcz /prefetch:3
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2452 --field-trial-handle=1788,i,16355195492384305926,16374920603742595723,262144 --enable-features=MojoIpcz /prefetch:8
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1710081883373791 --launch-time-ticks=6381239210 --mojo-platform-channel-handle=3372 --field-trial-handle=1788,i,16355195492384305926,16374920603742595723,262144 --enable-features=MojoIpcz /prefetch:1
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x164,0x168,0x16c,0x13c,0x1a4,0x7ffdfb318e88,0x7ffdfb318e98,0x7ffdfb318ea8
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1780 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=MojoIpcz /prefetch:2
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2376 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=MojoIpcz /prefetch:3
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2628 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=MojoIpcz /prefetch:8
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1710081883367231 --launch-time-ticks=6395273895 --mojo-platform-channel-handle=3444 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=MojoIpcz /prefetch:1
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1710081883367231 --launch-time-ticks=6395660630 --mojo-platform-channel-handle=3580 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=MojoIpcz /prefetch:1
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --disable-gpu-compositing --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1710081883367231 --launch-time-ticks=6396649396 --mojo-platform-channel-handle=3976 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=MojoIpcz /prefetch:1
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x160,0x164,0x168,0x13c,0x1a0,0x7ffdfb318e88,0x7ffdfb318e98,0x7ffdfb318ea8
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=botmaster.exe --webview-exe-version=5.8.0.1 --user-data-dir="c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --enable-features=mojoipcz --mojo-named-platform-channel-pipe=3736.6896.865895741088582256
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview\crashpad --annotation=isofficialbuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=win64 "--annotation=prod=edge webview2" --annotation=ver=117.0.2045.47 --initial-client-data=0x160,0x164,0x168,0x15c,0x170,0x7ffdfb318e88,0x7ffdfb318e98,0x7ffdfb318ea8
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview" --webview-exe-name=botmaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1760 --field-trial-handle=1788,i,16355195492384305926,16374920603742595723,262144 --enable-features=mojoipcz /prefetch:2
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --noerrdialogs --user-data-dir="c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview" --webview-exe-name=botmaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2212 --field-trial-handle=1788,i,16355195492384305926,16374920603742595723,262144 --enable-features=mojoipcz /prefetch:3
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.storageservice --lang=en-gb --service-sandbox-type=service --noerrdialogs --user-data-dir="c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview" --webview-exe-name=botmaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2452 --field-trial-handle=1788,i,16355195492384305926,16374920603742595723,262144 --enable-features=mojoipcz /prefetch:8
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview" --webview-exe-name=botmaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --first-renderer-process --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1710081883373791 --launch-time-ticks=6381239210 --mojo-platform-channel-handle=3372 --field-trial-handle=1788,i,16355195492384305926,16374920603742595723,262144 --enable-features=mojoipcz /prefetch:1
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=botmaster.exe --webview-exe-version=5.8.0.1 --user-data-dir="c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --enable-features=mojoipcz --mojo-named-platform-channel-pipe=3736.6896.16963202530693688502
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview\crashpad --annotation=isofficialbuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=win64 "--annotation=prod=edge webview2" --annotation=ver=117.0.2045.47 --initial-client-data=0x164,0x168,0x16c,0x13c,0x1a4,0x7ffdfb318e88,0x7ffdfb318e98,0x7ffdfb318ea8
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview" --webview-exe-name=botmaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1780 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=mojoipcz /prefetch:2
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --noerrdialogs --user-data-dir="c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview" --webview-exe-name=botmaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2376 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=mojoipcz /prefetch:3
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=botmaster.exe --webview-exe-version=5.8.0.1 --user-data-dir="c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --enable-features=mojoipcz --mojo-named-platform-channel-pipe=3736.6896.10684777464287357477
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.storageservice --lang=en-gb --service-sandbox-type=service --noerrdialogs --user-data-dir="c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview" --webview-exe-name=botmaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2628 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=mojoipcz /prefetch:8
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview\crashpad --annotation=isofficialbuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=win64 "--annotation=prod=edge webview2" --annotation=ver=117.0.2045.47 --initial-client-data=0x160,0x164,0x168,0x13c,0x1a0,0x7ffdfb318e88,0x7ffdfb318e98,0x7ffdfb318ea8
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview" --webview-exe-name=botmaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --first-renderer-process --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1710081883367231 --launch-time-ticks=6395273895 --mojo-platform-channel-handle=3444 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=mojoipcz /prefetch:1
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview" --webview-exe-name=botmaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1710081883367231 --launch-time-ticks=6395660630 --mojo-platform-channel-handle=3580 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=mojoipcz /prefetch:1
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview" --webview-exe-name=botmaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --disable-gpu-compositing --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1710081883367231 --launch-time-ticks=6396649396 --mojo-platform-channel-handle=3976 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=mojoipcz /prefetch:1
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview\crashpad --annotation=isofficialbuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=win64 "--annotation=prod=edge webview2" --annotation=ver=117.0.2045.47 --initial-client-data=0x160,0x164,0x168,0x15c,0x170,0x7ffdfb318e88,0x7ffdfb318e98,0x7ffdfb318ea8
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview" --webview-exe-name=botmaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1760 --field-trial-handle=1788,i,16355195492384305926,16374920603742595723,262144 --enable-features=mojoipcz /prefetch:2
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --noerrdialogs --user-data-dir="c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview" --webview-exe-name=botmaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2212 --field-trial-handle=1788,i,16355195492384305926,16374920603742595723,262144 --enable-features=mojoipcz /prefetch:3
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.storageservice --lang=en-gb --service-sandbox-type=service --noerrdialogs --user-data-dir="c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview" --webview-exe-name=botmaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2452 --field-trial-handle=1788,i,16355195492384305926,16374920603742595723,262144 --enable-features=mojoipcz /prefetch:8
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview" --webview-exe-name=botmaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --first-renderer-process --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1710081883373791 --launch-time-ticks=6381239210 --mojo-platform-channel-handle=3372 --field-trial-handle=1788,i,16355195492384305926,16374920603742595723,262144 --enable-features=mojoipcz /prefetch:1
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview\crashpad --annotation=isofficialbuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=win64 "--annotation=prod=edge webview2" --annotation=ver=117.0.2045.47 --initial-client-data=0x164,0x168,0x16c,0x13c,0x1a4,0x7ffdfb318e88,0x7ffdfb318e98,0x7ffdfb318ea8
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview" --webview-exe-name=botmaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1780 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=mojoipcz /prefetch:2
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --noerrdialogs --user-data-dir="c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview" --webview-exe-name=botmaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2376 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=mojoipcz /prefetch:3
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.storageservice --lang=en-gb --service-sandbox-type=service --noerrdialogs --user-data-dir="c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview" --webview-exe-name=botmaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2628 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=mojoipcz /prefetch:8
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview" --webview-exe-name=botmaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --first-renderer-process --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1710081883367231 --launch-time-ticks=6395273895 --mojo-platform-channel-handle=3444 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=mojoipcz /prefetch:1
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview" --webview-exe-name=botmaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1710081883367231 --launch-time-ticks=6395660630 --mojo-platform-channel-handle=3580 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=mojoipcz /prefetch:1
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview" --webview-exe-name=botmaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --disable-gpu-compositing --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1710081883367231 --launch-time-ticks=6396649396 --mojo-platform-channel-handle=3976 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=mojoipcz /prefetch:1
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview\crashpad --annotation=isofficialbuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=win64 "--annotation=prod=edge webview2" --annotation=ver=117.0.2045.47 --initial-client-data=0x160,0x164,0x168,0x13c,0x1a0,0x7ffdfb318e88,0x7ffdfb318e98,0x7ffdfb318ea8
                      Source: aspnet_compiler.exe, 0000000B.00000002.3028502871.0000000002851000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_6CBA3887 cpuid 28_2_6CBA3887
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\ VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\XClient.exeQueries volume information: C:\Users\user\AppData\Roaming\XClient.exe VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\XClient.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeQueries volume information: C:\Users\user\AppData\Local\WinUpdate.exe VolumeInformation
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeQueries volume information: C:\Users\user\AppData\Local\WinUpdate.exe VolumeInformation
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\XClient.exeQueries volume information: C:\Users\user\AppData\Roaming\XClient.exe VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\XClient.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.WinForms.dll VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.Core.dll VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\OFFSYMB.TTF VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Program Files (x86)\Bot Master\Bot Master\Newtonsoft.Json.dll VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\XClient.exeQueries volume information: C:\Users\user\AppData\Roaming\XClient.exe VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\XClient.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\Trust Protection Lists\manifest.json VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\WidevineCdm\manifest.json VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\MEIPreload\preloaded_data.pb VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\SCT Auditing Pending Reports VolumeInformation
                      Source: C:\Users\user\AppData\Local\WinUpdate.exeQueries volume information: C:\Users\user\AppData\Local\WinUpdate.exe VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Local State VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Variations VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Last Version VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Preferences VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Secure Preferences VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\Trust Protection Lists\manifest.json VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\WidevineCdm\manifest.json VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\MEIPreload\preloaded_data.pb VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0 VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\XClient.exeQueries volume information: C:\Users\user\AppData\Roaming\XClient.exe VolumeInformation
                      Source: C:\Users\user\AppData\Roaming\XClient.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\Sdch Dictionaries VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\Network Persistent State VolumeInformation
                      Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\SCT Auditing Pending Reports VolumeInformation
                      Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 28_2_6CBA43BC GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,28_2_6CBA43BC
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_0040734D KiUserCallbackDispatcher,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetUserNameW,8_2_0040734D
                      Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_00425D57 LoadLibraryW,GetProcAddress,GetVersionExW,8_2_00425D57
                      Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

                      Stealing of Sensitive Information

                      barindex
                      Yara detected BrowserPasswordDump
                      Source: Yara matchFile source: 11.2.aspnet_compiler.exe.7450000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.2.aspnet_compiler.exe.7450000.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0000000B.00000002.3099898068.0000000007450000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Yara detected PureLog Stealer
                      Source: Yara matchFile source: 11.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 21.2.WinUpdate.exe.4984df8.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 21.2.WinUpdate.exe.4984df8.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3c187f8.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3c187f8.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000015.00000002.2575343992.0000000004984000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2075054867.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000002.2995046316.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000015.00000002.2561460834.0000000002F45000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2075925447.0000000003C18000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Yara detected XWorm
                      Source: Yara matchFile source: 0000000B.00000002.3028502871.0000000002851000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: aspnet_compiler.exe PID: 5928, type: MEMORYSTR
                      Source: Yara matchFile source: 11.2.aspnet_compiler.exe.7450000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.2.aspnet_compiler.exe.7450000.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0000000B.00000002.3099898068.0000000007450000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

                      Remote Access Functionality

                      barindex
                      Yara detected BrowserPasswordDump
                      Source: Yara matchFile source: 11.2.aspnet_compiler.exe.7450000.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 11.2.aspnet_compiler.exe.7450000.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0000000B.00000002.3099898068.0000000007450000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Yara detected PureLog Stealer
                      Source: Yara matchFile source: 11.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 21.2.WinUpdate.exe.4984df8.1.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 21.2.WinUpdate.exe.4984df8.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3c187f8.2.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3c187f8.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000015.00000002.2575343992.0000000004984000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2075054867.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000B.00000002.2995046316.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000015.00000002.2561460834.0000000002F45000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.2075925447.0000000003C18000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Yara detected XWorm
                      Source: Yara matchFile source: 0000000B.00000002.3028502871.0000000002851000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: aspnet_compiler.exe PID: 5928, type: MEMORYSTR

                      Mitre Att&ck Matrix

                      ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                      Gather Victim Identity InformationAcquire InfrastructureValid Accounts11
                      Windows Management Instrumentation                      		1
                      DLL Side-Loading                      		1
                      DLL Side-Loading                      		11
                      Disable or Modify Tools                      		1
                      Input Capture                      		1
                      System Time Discovery                      		Remote Services11
                      Archive Collected Data                      		1
                      Ingress Tool Transfer                      		Exfiltration Over Other Network Medium1
                      System Shutdown/Reboot
                      CredentialsDomainsDefault Accounts2
                      Native API                      		1
                      Scheduled Task/Job                      		1
                      Access Token Manipulation                      		11
                      Deobfuscate/Decode Files or Information                      		LSASS Memory1
                      Account Discovery                      		Remote Desktop Protocol1
                      Input Capture                      		11
                      Encrypted Channel                      		Exfiltration Over BluetoothNetwork Denial of Service
                      Email AddressesDNS ServerDomain Accounts1
                      Command and Scripting Interpreter                      		121
                      Registry Run Keys / Startup Folder                      		312
                      Process Injection                      		31
                      Obfuscated Files or Information                      		Security Account Manager3
                      File and Directory Discovery                      		SMB/Windows Admin SharesData from Network Shared Drive1
                      Non-Standard Port                      		Automated ExfiltrationData Encrypted for Impact
                      Employee NamesVirtual Private ServerLocal Accounts1
                      Scheduled Task/Job                      		Login Hook1
                      Scheduled Task/Job                      		2
                      Software Packing                      		NTDS47
                      System Information Discovery                      		Distributed Component Object ModelInput Capture3
                      Non-Application Layer Protocol                      		Traffic DuplicationData Destruction
                      Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script121
                      Registry Run Keys / Startup Folder                      		1
                      DLL Side-Loading                      		LSA Secrets1
                      Query Registry                      		SSHKeylogging114
                      Application Layer Protocol                      		Scheduled TransferData Encrypted for Impact
                      Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts12
                      Masquerading                      		Cached Domain Credentials251
                      Security Software Discovery                      		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                      DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                      Modify Registry                      		DCSync2
                      Process Discovery                      		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                      Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job141
                      Virtualization/Sandbox Evasion                      		Proc Filesystem141
                      Virtualization/Sandbox Evasion                      		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                      Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                      Access Token Manipulation                      		/etc/passwd and /etc/shadow11
                      Application Window Discovery                      		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                      IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron312
                      Process Injection                      		Network Sniffing1
                      System Owner/User Discovery                      		Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement
                      Network Security AppliancesDomainsCompromise Software Dependencies and Development ToolsAppleScriptLaunchdLaunchdStripped PayloadsInput Capture1
                      Remote System Discovery                      		Software Deployment ToolsRemote Data StagingMail ProtocolsExfiltration Over Unencrypted Non-C2 ProtocolFirmware Corruption

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1406161 Sample: SecuriteInfo.com.Win32.Cryp... Startdate: 10/03/2024 Architecture: WINDOWS Score: 92 100 title-formula.at.ply.gg 2->100 102 botmaster.mediaplus.me 2->102 118 Snort IDS alert for network traffic 2->118 120 Found malware configuration 2->120 122 Malicious sample detected (through community Yara rule) 2->122 124 14 other signatures 2->124 10 SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe 1 7 2->10         started        14 WinUpdate.exe 2->14         started        16 XClient.exe 2->16         started        18 5 other processes 2->18 signatures3 process4 dnsIp5 96 C:\Users\user\AppData\Local\WinUpdate.exe, PE32 10->96 dropped 98 C:\Users\user\...\Botmaster 5.8 direct.exe, PE32 10->98 dropped 140 Creates multiple autostart registry keys 10->140 142 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 10->142 144 Writes to foreign memory regions 10->144 146 3 other signatures 10->146 21 Botmaster 5.8 direct.exe 6 75 10->21         started        24 aspnet_compiler.exe 2 5 10->24         started        28 aspnet_compiler.exe 10->28         started        40 2 other processes 10->40 30 cmd.exe 14->30         started        32 conhost.exe 16->32         started        104 127.0.0.1 unknown unknown 18->104 34 conhost.exe 18->34         started        36 conhost.exe 18->36         started        38 conhost.exe 18->38         started        file6 signatures7 process8 dnsIp9 86 C:\Program Files (x86)\...\WebView2Loader.dll, PE32 21->86 dropped 88 C:\Program Files (x86)\...\WebView2Loader.dll, PE32+ 21->88 dropped 90 C:\Program Files (x86)\...\WebView2Loader.dll, PE32+ 21->90 dropped 94 19 other files (none is malicious) 21->94 dropped 42 BotMaster.exe 21->42         started        106 title-formula.at.ply.gg 209.25.140.212, 15762, 49734 COGECO-PEER1CA Canada 24->106 92 C:\Users\user\AppData\Roaming\XClient.exe, PE32 24->92 dropped 130 Protects its processes via BreakOnTermination flag 24->130 132 Creates multiple autostart registry keys 24->132 45 schtasks.exe 24->45         started        134 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 28->134 136 Uses schtasks.exe or at.exe to add and modify task schedules 28->136 47 WinUpdate.exe 30->47         started        50 conhost.exe 30->50         started        138 Adds extensions / path to Windows Defender exclusion list 40->138 52 powershell.exe 23 40->52         started        54 conhost.exe 40->54         started        file10 signatures11 process12 dnsIp13 114 botmaster.mediaplus.me 173.248.130.117, 49738, 80 WEHOSTWEBSITES-COMUS United States 42->114 116 172.217.18.142 GOOGLEUS United States 42->116 56 msedgewebview2.exe 42->56         started        59 msedgewebview2.exe 42->59         started        61 msedgewebview2.exe 42->61         started        63 conhost.exe 45->63         started        148 Writes to foreign memory regions 47->148 150 Allocates memory in foreign processes 47->150 152 Adds extensions / path to Windows Defender exclusion list 47->152 154 Injects a PE file into a foreign processes 47->154 65 cmd.exe 47->65         started        signatures14 process15 signatures16 126 Found strings related to Crypto-Mining 56->126 67 msedgewebview2.exe 56->67         started        69 msedgewebview2.exe 56->69         started        71 msedgewebview2.exe 56->71         started        82 2 other processes 56->82 73 msedgewebview2.exe 59->73         started        84 6 other processes 59->84 76 msedgewebview2.exe 61->76         started        128 Adds extensions / path to Windows Defender exclusion list 65->128 78 conhost.exe 65->78         started        80 powershell.exe 65->80         started        process17 dnsIp18 108 20.118.82.167, 443, 49758 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 73->108 110 mmx-ds.cdn.whatsapp.net 31.13.65.49, 443, 49744, 49745 FACEBOOKUS Ireland 73->110 112 3 other IPs or domains 73->112

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe60%VirustotalBrowse
                      SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe51%ReversingLabsByteCode-MSIL.Trojan.Marsilia
                      SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe100%AviraTR/AD.Nekark.gdavo
                      SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe100%Joe Sandbox ML

                      Dropped Files

                      SourceDetectionScannerLabelLink
                      C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe0%ReversingLabs
                      C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe0%VirustotalBrowse
                      C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Bcl.AsyncInterfaces.dll0%ReversingLabs
                      C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Bcl.AsyncInterfaces.dll0%VirustotalBrowse
                      C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.VisualStudio.OLE.Interop.dll0%ReversingLabs
                      C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.VisualStudio.OLE.Interop.dll0%VirustotalBrowse
                      C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.VisualStudio.Shell.Interop.dll0%ReversingLabs
                      C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.VisualStudio.Shell.Interop.dll0%VirustotalBrowse
                      C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.VisualStudio.TextManager.Interop.dll0%ReversingLabs
                      C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.VisualStudio.TextManager.Interop.dll0%VirustotalBrowse
                      C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.Core.dll0%ReversingLabs
                      C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.Core.dll0%VirustotalBrowse
                      C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.WinForms.dll0%ReversingLabs
                      C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.WinForms.dll0%VirustotalBrowse
                      C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.Wpf.dll0%ReversingLabs
                      C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.Wpf.dll0%VirustotalBrowse
                      C:\Program Files (x86)\Bot Master\Bot Master\Newtonsoft.Json.dll0%ReversingLabs
                      C:\Program Files (x86)\Bot Master\Bot Master\Newtonsoft.Json.dll0%VirustotalBrowse
                      C:\Program Files (x86)\Bot Master\Bot Master\System.Buffers.dll0%ReversingLabs
                      C:\Program Files (x86)\Bot Master\Bot Master\System.Buffers.dll0%VirustotalBrowse
                      C:\Program Files (x86)\Bot Master\Bot Master\System.Memory.dll0%ReversingLabs
                      C:\Program Files (x86)\Bot Master\Bot Master\System.Memory.dll0%VirustotalBrowse
                      C:\Program Files (x86)\Bot Master\Bot Master\System.Numerics.Vectors.dll0%ReversingLabs
                      C:\Program Files (x86)\Bot Master\Bot Master\System.Numerics.Vectors.dll0%VirustotalBrowse
                      C:\Program Files (x86)\Bot Master\Bot Master\System.Runtime.CompilerServices.Unsafe.dll0%ReversingLabs
                      C:\Program Files (x86)\Bot Master\Bot Master\System.Runtime.CompilerServices.Unsafe.dll0%VirustotalBrowse
                      C:\Program Files (x86)\Bot Master\Bot Master\System.Text.Encodings.Web.dll0%ReversingLabs
                      C:\Program Files (x86)\Bot Master\Bot Master\System.Text.Encodings.Web.dll0%VirustotalBrowse
                      C:\Program Files (x86)\Bot Master\Bot Master\System.Text.Json.dll0%ReversingLabs
                      C:\Program Files (x86)\Bot Master\Bot Master\System.Text.Json.dll0%VirustotalBrowse
                      C:\Program Files (x86)\Bot Master\Bot Master\System.Threading.Tasks.Extensions.dll0%ReversingLabs
                      C:\Program Files (x86)\Bot Master\Bot Master\System.Threading.Tasks.Extensions.dll0%VirustotalBrowse
                      C:\Program Files (x86)\Bot Master\Bot Master\System.ValueTuple.dll0%ReversingLabs
                      C:\Program Files (x86)\Bot Master\Bot Master\System.ValueTuple.dll0%VirustotalBrowse

                      Unpacked PE Files

                      No Antivirus matches

                      Domains

                      SourceDetectionScannerLabelLink
                      chrome.cloudflare-dns.com0%VirustotalBrowse
                      botmaster.mediaplus.me0%VirustotalBrowse

                      URLs

                      SourceDetectionScannerLabelLink
                      https://anglebug.com/73820%URL Reputationsafe
                      https://anglebug.com/73820%URL Reputationsafe
                      http://www.chambersign.org10%URL Reputationsafe
                      http://unisolated.invalid/0%URL Reputationsafe
                      http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
                      http://anglebug.com/69290%URL Reputationsafe
                      https://anglebug.com/73690%URL Reputationsafe
                      http://anglebug.com/47220%URL Reputationsafe
                      http://anglebug.com/36230%URL Reputationsafe
                      http://anglebug.com/36250%URL Reputationsafe
                      http://anglebug.com/36240%URL Reputationsafe
                      http://anglebug.com/38620%URL Reputationsafe
                      https://anglebug.com/71610%URL Reputationsafe
                      https://anglebug.com/71620%URL Reputationsafe
                      http://anglebug.com/25170%URL Reputationsafe
                      http://anglebug.com/49370%URL Reputationsafe
                      https://login.windows.local/0%URL Reputationsafe
                      https://anglebug.com/732070%Avira URL Cloudsafe
                      https://tg.602.com0%Avira URL Cloudsafe
                      http://anglebug.com/8280ault0%Avira URL Cloudsafe
                      https://dns.sb/privacy/Char0%Avira URL Cloudsafe
                      https://www.youtube.comGt0%Avira URL Cloudsafe
                      https://www.91duba.com/?f=0%Avira URL Cloudsafe
                      http://anglebug.com/8280ault0%VirustotalBrowse
                      http://anglebug.com/5750)0%Avira URL Cloudsafe
                      http://anglebug.com/5881er0%Avira URL Cloudsafe
                      http://anglebug.com/7406d0%Avira URL Cloudsafe
                      http://anglebug.com/455180%Avira URL Cloudsafe
                      https://anglebug.com/732070%VirustotalBrowse
                      http://crl.ver)0%Avira URL Cloudsafe
                      https://easyauth.edgebrowser.microsoft-staging-falcon.io/0%Avira URL Cloudsafe
                      http://anglebug.com/455180%VirustotalBrowse
                      http://df.edge.qhkj.baicana.com0%Avira URL Cloudsafe
                      https://tg.602.com0%VirustotalBrowse
                      http://anglebug.com/7724ancedG0%Avira URL Cloudsafe
                      https://www.91duba.com/?f=0%VirustotalBrowse
                      https://permanently-removed.invalid/v1/issuetoken0%Avira URL Cloudsafe
                      http://df.edge.qhkj.baicana.com1%VirustotalBrowse
                      https://dns.sb/privacy/Char2%VirustotalBrowse
                      http://anglebug.com/7406d0%VirustotalBrowse
                      https://easyauth.edgebrowser.microsoft-testing-falcon.io/0%Avira URL Cloudsafe
                      https://permanently-removed.invalid/reauth/v1beta/users/0%Avira URL Cloudsafe
                      http://permanently-removed.invalid/0%Avira URL Cloudsafe
                      http://anglebug.com/7724ancedG0%VirustotalBrowse
                      http://r.emsoso.cn0%Avira URL Cloudsafe
                      https://permanently-removed.invalid/LogoutYxAB0%Avira URL Cloudsafe
                      http://anglebug.com/5881&0%Avira URL Cloudsafe
                      https://easyauth.edgebrowser.microsoft-staging-falcon.io/0%VirustotalBrowse
                      http://sgcs.edge.ker58.com0%Avira URL Cloudsafe
                      http://anglebug.com/5881&0%VirustotalBrowse
                      https://permanently-removed.invalid/RotateBoundCookies0%Avira URL Cloudsafe
                      https://discovery.lenovo.com.cn/home062291100%Avira URL Cloudphishing
                      http://r.emsoso.cn0%VirustotalBrowse
                      http://anglebug.com/5750)0%VirustotalBrowse
                      https://designerapp-int.azurewebsites.net/0%Avira URL Cloudsafe
                      http://anglebug.com/8215arch0%Avira URL Cloudsafe
                      https://web.w0%Avira URL Cloudsafe
                      https://discovery.lenovo.com.cn/home0622911%VirustotalBrowse
                      http://anglebug.com/8229earch0%Avira URL Cloudsafe
                      https://static.whatsapp.netGtBe0%Avira URL Cloudsafe
                      https://easyauth.edgebrowser.microsoft-testing-falcon.io/0%VirustotalBrowse
                      https://anglebug.com/7369G0%Avira URL Cloudsafe
                      http://sgcs.edge.ker58.com0%VirustotalBrowse
                      https://www.quad9.net/home/privacy/0%Avira URL Cloudsafe
                      https://docs.microsoft.c0%Avira URL Cloudsafe
                      http://www.founder.com.cn/cn0%Avira URL Cloudsafe
                      https://designerapp-int.azurewebsites.net/0%VirustotalBrowse
                      https://anglebug.com/7369G0%VirustotalBrowse
                      http://www.founder.com.cn/cn0%VirustotalBrowse
                      https://www.quad9.net/home/privacy/1%VirustotalBrowse

                      Domains and IPs

                      Contacted Domains

                      NameIPActiveMaliciousAntivirus DetectionReputation
                      mmx-ds.cdn.whatsapp.net
                      		31.13.65.49
                      		truefalse
                        		high
                        chrome.cloudflare-dns.com
                        		172.64.41.3
                        		truefalseunknown
                        botmaster.mediaplus.me
                        		173.248.130.117
                        		truefalseunknown
                        title-formula.at.ply.gg
                        		209.25.140.212
                        		truetrue
                          		unknown
                          web.whatsapp.com
                          		unknown
                          		unknownfalse
                            		high

                            URLs from Memory and Binaries

                            NameSourceMaliciousAntivirus DetectionReputation
                            http://www.4399.com/flash/32979.htmmsedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              http://hao123.di178.com/?r916msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                https://www.4399.com/flash/180977_3.htmmsedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  https://tg.602.commsedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • 0%, Virustotal, Browse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  https://dns.sb/privacy/Charmsedgewebview2.exe, 00000024.00000002.2372353899.000004BC0000C000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • 2%, Virustotal, Browse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  https://anglebug.com/7382msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.chambersign.org1msedgewebview2.exe, 00000028.00000002.3059193210.0000477400690000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.fontbureau.com/designersBotMaster.exe, 0000001C.00000002.3112732985.0000000007B02000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://web.whatsapp.com/entrymsedgewebview2.exe, 00000028.00000002.3060901103.00004774008F4000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknownmsedgewebview2.exe, 00000028.00000003.2660310722.0000477400BB4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660644931.00004774015B4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2508741501.0000477401024000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3061667174.0000477400A38000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660512967.00004774015C0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2510360156.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2507649713.000047740103C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658296511.0000477401580000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2660572668.00004774015AC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658397859.0000477401484000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2510536179.000047740105C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658250927.00004774015BC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2507774300.000047740104C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2658456533.00004774015D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2552468165.00002A9000118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2658721103.00002A90003F4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2539327887.00002A90003F0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2519713911.00002A9000368000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2657372605.00002A90003F4000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://anglebug.com/8280aultmsedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • 0%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        https://anglebug.com/73207msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • 0%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        https://kf.07073.commsedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://unisolated.invalid/msedgewebview2.exe, 00000021.00000002.2558398773.00006CE0004C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3061956738.0000477400AC8000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://www.youtube.comGtmsedgewebview2.exe, 00000028.00000002.3066456013.00004774015A0000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://www.4399.com/flash/18012.htmmsedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://www.4399.com/flash/zmhj.htm#search3-6407msedgewebview2.exe, 00000021.00000002.2558582842.00006CE000558000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058458099.0000477400550000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://www.galapagosdesign.com/DPleaseBotMaster.exe, 0000001C.00000002.3112732985.0000000007B02000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://www.91duba.com/?f=msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • 0%, Virustotal, Browse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              http://anglebug.com/6929msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://www.jio.com/.msedgewebview2.exe, 00000028.00000003.2710559599.0000477401804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711119489.0000477402804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                https://www.4399.com/flash/217926_2.htmmsedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://anglebug.com/5750)msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • 0%, Virustotal, Browse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  https://www.4399.com/flash/218860_1.htmmsedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://anglebug.com/5881ermsedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • Avira URL Cloud: safe
                                                    		unknown
                                                    http://momentjs.com/guides/#/warnings/zone/msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://anglebug.com/7406dmsedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • 0%, Virustotal, Browse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://int.msn.cn/msedgewebview2.exe, 00000021.00000002.2558398773.00006CE0004C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058323423.00004774004E0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://anglebug.com/45518msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • 0%, Virustotal, Browse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        https://anglebug.com/7369msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2394422810.000000CC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        https://www.4399.com/flash/18012_4.htmmsedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://crl.ver)svchost.exe, 0000001D.00000002.3028038031.00000228FD200000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          • Avira URL Cloud: safe
                                                          		low
                                                          https://www.4399.com/flash/48504.htmmsedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://easyauth.edgebrowser.microsoft-staging-falcon.io/msedgewebview2.exe, 00000021.00000002.2558582842.00006CE000558000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3057973015.000047740044C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • 0%, Virustotal, Browse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            http://df.edge.qhkj.baicana.commsedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            • 1%, Virustotal, Browse
                                                            • Avira URL Cloud: safe
                                                            		unknown
                                                            https://issuetracker.google.com/161903006msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3047883867.000047D000146000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://web.whatsapp.com/img/favicon_c5088e888c97ad440a61d247596f88e5.png9msedgewebview2.exe, 00000028.00000002.3048052695.0000012EBB3D0000.00000002.00000001.00040000.00000033.sdmpfalse
                                                                		high
                                                                http://anglebug.com/7724ancedGmsedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • 0%, Virustotal, Browse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                https://web.whatsapp.com/orVimsedgewebview2.exe, 00000028.00000003.2498189520.0000477400DDC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://permanently-removed.invalid/v1/issuetokenmsedgewebview2.exe, 00000028.00000002.3054411680.000047740001C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://easyauth.edgebrowser.microsoft-testing-falcon.io/msedgewebview2.exe, 00000021.00000002.2558582842.00006CE000558000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3057973015.000047740044C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • 0%, Virustotal, Browse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  https://github.com/dcodeIO/long.jsmsedgewebview2.exe, 0000002D.00000003.2715597498.00002A9000804000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://anglebug.com/4722msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331110725.000000CC0015C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480867991.000047D000160000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    https://permanently-removed.invalid/reauth/v1beta/users/msedgewebview2.exe, 00000028.00000002.3056757721.000047740025C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3054411680.000047740001C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    http://permanently-removed.invalid/msedgewebview2.exe, 00000028.00000002.3056280746.00004774001F8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    http://r.emsoso.cnmsedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • 0%, Virustotal, Browse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    https://permanently-removed.invalid/LogoutYxABmsedgewebview2.exe, 00000028.00000002.3054411680.000047740001C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    https://web.whatsapp.com/serviceworker.jsaDbmsedgewebview2.exe, 00000028.00000003.2710559599.0000477401804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711119489.0000477402804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://tiny.jio.com/.msedgewebview2.exe, 00000028.00000003.2710559599.0000477401804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711119489.0000477402804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://www.4399.com/flash/776_1.htmmsedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://www.4399.com/flash/198637_4.htmmsedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://www.4399.com/flash/133630_4.htmmsedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              http://momentjs.com/guides/#/warnings/min-max/msedgewebview2.exe, 00000028.00000003.2711717784.0000477402004000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://web.whatsapp.com/tGmsedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://anglebug.com/5881&msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  • 0%, Virustotal, Browse
                                                                                  • Avira URL Cloud: safe
                                                                                  		unknown
                                                                                  http://sgcs.edge.ker58.commsedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  • 0%, Virustotal, Browse
                                                                                  • Avira URL Cloud: safe
                                                                                  		unknown
                                                                                  https://permanently-removed.invalid/RotateBoundCookiesmsedgewebview2.exe, 00000028.00000002.3054411680.000047740001C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  		unknown
                                                                                  https://www.4399.com/flash/218717_2.htmmsedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://www.4399.com/flash/136516_3.htmmsedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://www.4399.com/flash/203215_3.htmmsedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://www.4399.com/flash/207195_4.htmmsedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://anglebug.com/3623msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          		unknown
                                                                                          https://discovery.lenovo.com.cn/home062291msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          • 1%, Virustotal, Browse
                                                                                          • Avira URL Cloud: phishing
                                                                                          		unknown
                                                                                          https://hao.360.com/?src=jsqthmsedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://anglebug.com/3625msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            https://designerapp-int.azurewebsites.net/msedgewebview2.exe, 00000028.00000002.3056280746.00004774001F8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            • 0%, Virustotal, Browse
                                                                                            • Avira URL Cloud: safe
                                                                                            		unknown
                                                                                            http://anglebug.com/3624msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            http://anglebug.com/3862msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2394422810.000000CC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            http://anglebug.com/8215archmsedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            • Avira URL Cloud: safe
                                                                                            		unknown
                                                                                            https://issuetracker.google.com/issues/166475273msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://www.4399.com/flash/21674_3.htmmsedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://www.4399.com/flash/115339_1.htmmsedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://web.wmsedgewebview2.exe, 00000028.00000002.3059022215.0000477400668000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		unknown
                                                                                                  http://anglebug.com/8229earchmsedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		unknown
                                                                                                  https://static.whatsapp.netGtBemsedgewebview2.exe, 00000028.00000002.3062900608.0000477400BA0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		unknown
                                                                                                  https://internet-start.net/?msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058648815.00004774005A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://www.4399.com/flash/35538.htmmsedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://www.4399.com/flash/218066_3.htmmsedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://www.4399.com/flash/12669_4.htmmsedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://www.4399.com/flash/204056_4.htmmsedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://www.youtube.com/channel/UCYVg9u9eLx2gQ80OlwoJKYwAhttps://twitter.com/khaldoun_bazOhttps://wwBotMaster.exe, 0000001C.00000000.2278490909.0000000000EE2000.00000002.00000001.01000000.0000000D.sdmpfalse
                                                                                                              		high
                                                                                                              https://web.whatsapp.com/6ltG8FltGmsedgewebview2.exe, 00000028.00000002.3059291162.00004774006C1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://login.chinacloudapi.cn/msedgewebview2.exe, 00000028.00000002.3056757721.000047740025C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://www.so.com/?src=msedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://anglebug.com/7369Gmsedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    • 0%, Virustotal, Browse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    		unknown
                                                                                                                    https://anglebug.com/7161msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    		unknown
                                                                                                                    https://www.quad9.net/home/privacy/msedgewebview2.exe, 00000024.00000002.2373526575.000004BC00100000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2331956396.000004BC00100000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2552468165.00002A9000118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2582364597.00002A900011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2479902119.00002A900011C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    • 1%, Virustotal, Browse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    		unknown
                                                                                                                    https://anglebug.com/7162msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2394422810.000000CC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    		unknown
                                                                                                                    https://web.whatsapp.com/main.cb713928153eb505a605.cssmsedgewebview2.exe, 0000002D.00000003.2658927166.00002A90004F4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://doh-01.spectrum.com/dns-querymsedgewebview2.exe, 00000024.00000002.2373526575.000004BC00100000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2331956396.000004BC00100000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2552468165.00002A9000118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2582364597.00002A900011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002D.00000003.2479902119.00002A900011C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://anglebug.com/2517msedgewebview2.exe, 00000021.00000003.2342379509.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2332203203.00006CE00082C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000003.2343299458.00006CE000840000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2568956232.00006CE000A1C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331145711.000000CC0016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2332379369.000000CC0019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331198782.000000CC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2386317056.000000CC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000002.2393991419.000000CC001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000023.00000003.2331229682.000000CC001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484264089.0000477400C3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000003.2484373342.0000477400CCC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3060852215.00004774008D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480937349.000047D000170000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481009816.000047D0001B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        		unknown
                                                                                                                        https://docs.microsoft.cBotMaster.exefalse
                                                                                                                        • Avira URL Cloud: safe
                                                                                                                        		unknown
                                                                                                                        http://anglebug.com/4937msedgewebview2.exe, 0000002C.00000002.3048626894.000047D00020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2480973963.000047D00017C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000003.2481114378.000047D00019C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000002C.00000002.3043308566.000047D00000C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        		unknown
                                                                                                                        https://login.windows.local/msedgewebview2.exe, 00000021.00000003.2461631474.0000029E186C9000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000021.00000002.2518174737.0000029E186CB000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3039355581.0000012EB6492000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        		unknown
                                                                                                                        https://www.sogou.com/web?ie=msedgewebview2.exe, 00000021.00000002.2558398773.00006CE0004C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058323423.00004774004E0000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          http://www.founder.com.cn/cnBotMaster.exe, 0000001C.00000002.3112732985.0000000007B02000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          • 0%, Virustotal, Browse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          		unknown
                                                                                                                          https://developer.mozilla.org/docs/Web/HTTP/Headers/X-Frame-Options)Botmaster 5.8 direct.exe, 00000008.00000003.2213905614.00000000039D1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://web.whatsapp.com/apple-touch-icon.pngmsedgewebview2.exe, 00000028.00000002.3058648815.00004774005A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://www.4399.com/flash/155283_1.htmmsedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                http://www.4399.com/flash/seer.htmmsedgewebview2.exe, 00000021.00000002.2559133423.00006CE0005C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000028.00000002.3058735389.00004774005D8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  		high

                                                                                                                                  World Map of Contacted IPs

                                                                                                                                  • No. of IPs < 25%
                                                                                                                                  • 25% < No. of IPs < 50%
                                                                                                                                  • 50% < No. of IPs < 75%
                                                                                                                                  • 75% < No. of IPs

                                                                                                                                  Public IPs

                                                                                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                  162.159.61.3
                                                                                                                                  		unknownUnited States
                                                                                                                                  		13335CLOUDFLARENETUSfalse
                                                                                                                                  209.25.140.212
                                                                                                                                  		title-formula.at.ply.ggCanada
                                                                                                                                  		13768COGECO-PEER1CAtrue
                                                                                                                                  20.118.82.167
                                                                                                                                  		unknownUnited States
                                                                                                                                  		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                  31.13.65.49
                                                                                                                                  		mmx-ds.cdn.whatsapp.netIreland
                                                                                                                                  		32934FACEBOOKUSfalse
                                                                                                                                  173.248.130.117
                                                                                                                                  		botmaster.mediaplus.meUnited States
                                                                                                                                  		30475WEHOSTWEBSITES-COMUSfalse
                                                                                                                                  172.217.18.142
                                                                                                                                  		unknownUnited States
                                                                                                                                  		15169GOOGLEUSfalse
                                                                                                                                  172.64.41.3
                                                                                                                                  		chrome.cloudflare-dns.comUnited States
                                                                                                                                  		13335CLOUDFLARENETUSfalse

                                                                                                                                  Private

                                                                                                                                  IP
                                                                                                                                  127.0.0.1

                                                                                                                                  General Information

                                                                                                                                  Joe Sandbox version:40.0.0 Tourmaline
                                                                                                                                  Analysis ID:1406161
                                                                                                                                  Start date and time:2024-03-10 17:29:06 +01:00
                                                                                                                                  Joe Sandbox product:CloudBasic
                                                                                                                                  Overall analysis duration:0h 13m 2s
                                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                                  Report type:full
                                                                                                                                  Cookbook file name:default.jbs
                                                                                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                  Number of analysed new started processes analysed:53
                                                                                                                                  Number of new started drivers analysed:0
                                                                                                                                  Number of existing processes analysed:0
                                                                                                                                  Number of existing drivers analysed:0
                                                                                                                                  Number of injected processes analysed:1
                                                                                                                                  Technologies:
                                                                                                                                  • HCA enabled
                                                                                                                                  • EGA enabled
                                                                                                                                  • AMSI enabled
                                                                                                                                  Analysis Mode:default
                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                  Sample name:SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe
                                                                                                                                  Detection:MAL
                                                                                                                                  Classification:mal92.troj.evad.mine.winEXE@69/364@9/8
                                                                                                                                  EGA Information:
                                                                                                                                  • Successful, ratio: 62.5%
                                                                                                                                  HCA Information:
                                                                                                                                  • Successful, ratio: 99%
                                                                                                                                  • Number of executed functions: 345
                                                                                                                                  • Number of non-executed functions: 10
                                                                                                                                  Cookbook Comments:
                                                                                                                                  • Found application associated with file extension: .exe

                                                                                                                                  Warnings

                                                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, consent.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, WmiPrvSE.exe, svchost.exe
                                                                                                                                  • Excluded IPs from analysis (whitelisted): 13.107.42.16, 23.202.57.177, 52.159.108.190, 142.251.2.94
                                                                                                                                  • Excluded domains from analysis (whitelisted): nav-edge.smartscreen.microsoft.com, fs.microsoft.com, config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, tm-prod-wd-csp-edge.trafficmanager.net, ocsp.digicert.com, login.live.com, l-0007.config.skype.com, config-edge-skype.l-0007.l-msedge.net, prod-agic-ncu-1.northcentralus.cloudapp.azure.com, e16604.g.akamaiedge.net, www.gstatic.com, l-0007.l-msedge.net, prod.fs.microsoft.com.akadns.net, config.edge.skype.com
                                                                                                                                  • Execution Graph export aborted for target WinUpdate.exe, PID 7036 because it is empty
                                                                                                                                  • Execution Graph export aborted for target XClient.exe, PID 1836 because it is empty
                                                                                                                                  • Execution Graph export aborted for target XClient.exe, PID 7040 because it is empty
                                                                                                                                  • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                  • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                                                  • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                  • Report size exceeded maximum capacity and may have missing network information.
                                                                                                                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                  • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                  • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                  • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                  • Report size getting too big, too many NtEnumerateValueKey calls found.
                                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                  • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                  • Report size getting too big, too many NtSetInformationFile calls found.

                                                                                                                                  Simulations

                                                                                                                                  Behavior and APIs

                                                                                                                                  TimeTypeDescription
                                                                                                                                  16:30:40AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run WinUpdate C:\Users\user\AppData\Local\WinUpdate.exe
                                                                                                                                  16:30:44Task SchedulerRun new task: XClient path: C:\Users\user\AppData\Roaming\XClient.exe
                                                                                                                                  16:30:48AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run XClient C:\Users\user\AppData\Roaming\XClient.exe
                                                                                                                                  16:30:56AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run WinUpdate C:\Users\user\AppData\Local\WinUpdate.exe
                                                                                                                                  16:31:04AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run XClient C:\Users\user\AppData\Roaming\XClient.exe
                                                                                                                                  16:31:13AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk
                                                                                                                                  17:30:05API Interceptor29x Sleep call for process: powershell.exe modified
                                                                                                                                  17:30:42API Interceptor488720x Sleep call for process: aspnet_compiler.exe modified
                                                                                                                                  17:31:00API Interceptor2x Sleep call for process: svchost.exe modified
                                                                                                                                  17:31:01API Interceptor16293x Sleep call for process: BotMaster.exe modified

                                                                                                                                  Joe Sandbox View / Context

                                                                                                                                  IPs

                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                  162.159.61.3SecuriteInfo.com.Win32.PUP-gen.2847.28870.exeGet hashmaliciousUnknownBrowse
                                                                                                                                    YmXa44bW67.exeGet hashmaliciousUnknownBrowse
                                                                                                                                      Google Digital Marketing .xlsx.exeGet hashmaliciousUnknownBrowse
                                                                                                                                        Google Digital Marketing .xlsx.exeGet hashmaliciousUnknownBrowse
                                                                                                                                          Channels.xmlGet hashmaliciousUnknownBrowse
                                                                                                                                            SW_PC_Interact2.3.5_Build6.exeGet hashmaliciousDBatLoaderBrowse
                                                                                                                                              SW_PC_Interact2.3.5_Build6.exeGet hashmaliciousDBatLoaderBrowse
                                                                                                                                                Sample.xmlGet hashmaliciousUnknownBrowse
                                                                                                                                                  systemtest-standalone-10.12.3.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    systemtest-standalone-10.12.3.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                      209.25.140.212MH8owDK88S.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                                                                                                                                                        20.118.82.167Setup.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                          172.64.41.3SecuriteInfo.com.Win32.PUP-gen.2847.28870.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                            YmXa44bW67.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                              YmXa44bW67.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                PdfConverters.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                  Undeliverable IMPORTANT TAX RETURN DOCUMENT AVAILABLE LCAPOZZO #Ud83d#Udcd1 - 2 16 2024.emlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                    Channels.xmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                      SW_PC_Interact2.3.5_Build6.exeGet hashmaliciousDBatLoaderBrowse
                                                                                                                                                                        SW_PC_Interact2.3.5_Build6.exeGet hashmaliciousDBatLoaderBrowse
                                                                                                                                                                          Sample.xmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                            systemtest-standalone-10.12.3.exeGet hashmaliciousUnknownBrowse

                                                                                                                                                                              Domains

                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                              chrome.cloudflare-dns.comSecuriteInfo.com.Win32.PUP-gen.2847.28870.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 162.159.61.3
                                                                                                                                                                              YmXa44bW67.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 162.159.61.3
                                                                                                                                                                              YmXa44bW67.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 172.64.41.3
                                                                                                                                                                              Google Digital Marketing .xlsx.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 162.159.61.3
                                                                                                                                                                              Google Digital Marketing .xlsx.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 162.159.61.3
                                                                                                                                                                              PdfConverters.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 172.64.41.3
                                                                                                                                                                              Channels.xmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 162.159.61.3
                                                                                                                                                                              SW_PC_Interact2.3.5_Build6.exeGet hashmaliciousDBatLoaderBrowse
                                                                                                                                                                              • 172.64.41.3
                                                                                                                                                                              SW_PC_Interact2.3.5_Build6.exeGet hashmaliciousDBatLoaderBrowse
                                                                                                                                                                              • 162.159.61.3
                                                                                                                                                                              Sample.xmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 162.159.61.3

                                                                                                                                                                              ASNs

                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                              COGECO-PEER1CAWGHFgjyKDE.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 216.247.181.74
                                                                                                                                                                              NX9ITZc5iJ.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                              • 209.35.254.23
                                                                                                                                                                              L0zZGsMbgk.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 192.154.251.64
                                                                                                                                                                              EadBqsohhH.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                              • 69.90.30.223
                                                                                                                                                                              https://yahu.pages.dev/account/js-reporting/?crumb=F3RZp873jWJ&message=javascript_not_enabled&ref=%2FGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                              • 69.90.133.51
                                                                                                                                                                              https://fnbo-alerts.orgGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 209.25.233.254
                                                                                                                                                                              SecuriteInfo.com.Win32.Trojan.Agent.M47LP3.18905.20801.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 69.90.133.51
                                                                                                                                                                              SecuriteInfo.com.Win32.Trojan.Agent.M47LP3.18905.20801.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 69.90.133.51
                                                                                                                                                                              http://biadshome.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 69.90.133.51
                                                                                                                                                                              http://canettech.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 69.90.133.51
                                                                                                                                                                              CLOUDFLARENETUSfile.exeGet hashmaliciousLummaC, PureLog StealerBrowse
                                                                                                                                                                              • 104.21.44.94
                                                                                                                                                                              file.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                                                                              • 104.26.4.15
                                                                                                                                                                              SecuriteInfo.com.Win64.TrojanX-gen.17769.2791.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 104.21.90.199
                                                                                                                                                                              DHL L&S - 1C23THP 00042194.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                              • 104.26.12.205
                                                                                                                                                                              SecuriteInfo.com.Win64.TrojanX-gen.17769.2791.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 104.21.90.199
                                                                                                                                                                              uKbXAans9z.exeGet hashmaliciousGlupteba, Mars Stealer, Stealc, VidarBrowse
                                                                                                                                                                              • 172.67.177.133
                                                                                                                                                                              https://cauce.member365.ca/ecommunication/api/click/fTHL3yQwZqMF3t4GeIvSCw/9eWYH6BfA-e-OeIU2EZMcg?r=https://securemil.bsa944.org/Get hashmaliciousReCaptcha PhishBrowse
                                                                                                                                                                              • 172.67.215.1
                                                                                                                                                                              SecuriteInfo.com.Win32.PUP-gen.2847.28870.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 172.64.41.3
                                                                                                                                                                              file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 172.67.169.89
                                                                                                                                                                              file.exeGet hashmaliciousPureLog Stealer, RisePro StealerBrowse
                                                                                                                                                                              • 172.67.75.166
                                                                                                                                                                              CLOUDFLARENETUSfile.exeGet hashmaliciousLummaC, PureLog StealerBrowse
                                                                                                                                                                              • 104.21.44.94
                                                                                                                                                                              file.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                                                                              • 104.26.4.15
                                                                                                                                                                              SecuriteInfo.com.Win64.TrojanX-gen.17769.2791.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 104.21.90.199
                                                                                                                                                                              DHL L&S - 1C23THP 00042194.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                              • 104.26.12.205
                                                                                                                                                                              SecuriteInfo.com.Win64.TrojanX-gen.17769.2791.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 104.21.90.199
                                                                                                                                                                              uKbXAans9z.exeGet hashmaliciousGlupteba, Mars Stealer, Stealc, VidarBrowse
                                                                                                                                                                              • 172.67.177.133
                                                                                                                                                                              https://cauce.member365.ca/ecommunication/api/click/fTHL3yQwZqMF3t4GeIvSCw/9eWYH6BfA-e-OeIU2EZMcg?r=https://securemil.bsa944.org/Get hashmaliciousReCaptcha PhishBrowse
                                                                                                                                                                              • 172.67.215.1
                                                                                                                                                                              SecuriteInfo.com.Win32.PUP-gen.2847.28870.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 172.64.41.3
                                                                                                                                                                              file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 172.67.169.89
                                                                                                                                                                              file.exeGet hashmaliciousPureLog Stealer, RisePro StealerBrowse
                                                                                                                                                                              • 172.67.75.166
                                                                                                                                                                              MICROSOFT-CORP-MSN-AS-BLOCKUSuKbXAans9z.exeGet hashmaliciousGlupteba, Mars Stealer, Stealc, VidarBrowse
                                                                                                                                                                              • 20.189.173.20
                                                                                                                                                                              https://cauce.member365.ca/ecommunication/api/click/fTHL3yQwZqMF3t4GeIvSCw/9eWYH6BfA-e-OeIU2EZMcg?r=https://securemil.bsa944.org/Get hashmaliciousReCaptcha PhishBrowse
                                                                                                                                                                              • 13.107.213.69
                                                                                                                                                                              file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 20.42.65.92
                                                                                                                                                                              vrcd941p2O.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                              • 52.125.117.86
                                                                                                                                                                              Fh0kScswH7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                              • 111.221.112.52
                                                                                                                                                                              vJSyCK4is2.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                              • 20.126.207.17
                                                                                                                                                                              dOFtshU17q.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                              • 40.126.152.216
                                                                                                                                                                              p4pU29bYMV.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                              • 51.134.7.108
                                                                                                                                                                              LsgqN88sQ4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                              • 72.154.250.59
                                                                                                                                                                              https://fggg78.pages.dev/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                              • 13.107.213.69
                                                                                                                                                                              WEHOSTWEBSITES-COMUShuhu.mips-20240212-0910.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                              • 72.18.135.194
                                                                                                                                                                              an_international_agreement_to_voluntarily_limit_greenhouse_gas_emissions_is_called_the_60718.jsGet hashmaliciousUnknownBrowse
                                                                                                                                                                              • 173.248.144.189
                                                                                                                                                                              AqR4iHLU9B.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                              • 23.239.207.76
                                                                                                                                                                              ttu0YZmLUl.elfGet hashmaliciousGafgytBrowse
                                                                                                                                                                              • 178.218.146.89
                                                                                                                                                                              bI0B9Ewwum.elfGet hashmaliciousGafgytBrowse
                                                                                                                                                                              • 178.218.146.89
                                                                                                                                                                              SZaep3pXQ7.elfGet hashmaliciousGafgytBrowse
                                                                                                                                                                              • 178.218.146.89
                                                                                                                                                                              a-r.m-4.ISIS.elfGet hashmaliciousGafgytBrowse
                                                                                                                                                                              • 178.218.146.89
                                                                                                                                                                              a-r.m-6.ISIS.elfGet hashmaliciousGafgytBrowse
                                                                                                                                                                              • 178.218.146.89
                                                                                                                                                                              a-r.m-5.ISIS.elfGet hashmaliciousGafgytBrowse
                                                                                                                                                                              • 178.218.146.89
                                                                                                                                                                              m-i.p-s.ISIS.elfGet hashmaliciousGafgytBrowse
                                                                                                                                                                              • 178.218.146.89

                                                                                                                                                                              JA3 Fingerprints

                                                                                                                                                                              No context

                                                                                                                                                                              Dropped Files

                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                              C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.VisualStudio.Shell.Interop.dllKiwi_Syslog_Server_9.8.2.Freeware.setup.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Bcl.AsyncInterfaces.dllOrangeBot Installer - UAT (1.18.5.23313).msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                  https://geteasypdf.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                    PostSharp-2024.0.4-rc.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                      MDE_File_Sample_4e8af2004a77f531e655e2e5cb669c388d0655c9.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                        https://fastprintapp.com/lp1?channel=hud-gdn&tracking_id=142&oid=142&affid=1025&source_id=google&sub1=142imall&gclid=EAIaIQobChMI5Lzv2NSvgwMVXaOmBB3WUQkTEAEYASAAEgI9zPD_BwEGet hashmaliciousUnknownBrowse
                                                                                                                                                                                          https://onelaunch.com/downloadGet hashmaliciousUnknownBrowse
                                                                                                                                                                                            https://getquickmanuals.com/manuals/lp2Get hashmaliciousUnknownBrowse
                                                                                                                                                                                              https://download.onelaunch.com/latest/Onelaunch%20Software.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                https://download.onelaunch.com/latest/Onelaunch%20Software.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                  OneLaunch - Manuals_t5m2z.exeGet hashmaliciousUnknownBrowse

                                                                                                                                                                                                    Created / dropped Files

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.application

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (550), with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1805
                                                                                                                                                                                                    Entropy (8bit):5.211082988295327
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:3B9oLwOw8jZcTotSgHneTDxi7ig0n6N0kkQdEHTw:xWLwO9ZcTsneT0WSkw
                                                                                                                                                                                                    MD5:D45F410BEBCB1FC248BEB7FAE0FD44F0
                                                                                                                                                                                                    SHA1:DE471EC8FFA1B77B412A591D975BB9F6D1BD78B2
                                                                                                                                                                                                    SHA-256:D785A408820C82C90E306533CAE1879ED4FB9ECE0F7AA12B0AB77C50C9638700
                                                                                                                                                                                                    SHA-512:DF8BC17AB0AC0AC1BE9B57C60F5EB1917F737DCFCD8ECBA45C0DDABE0D569A798E71D6F0EE7B5E6FC7BF7D79BC8255FC4F500F9A2A15A6BF04B5A9BEC8B9075D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.<?xml version="1.0" encoding="utf-8"?>..<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <assemblyIdentity name="BotMaster.application" version="1.0.0.0" publicKeyToken="0000000000000000" language="neutral" processorArchitecture="msil" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <description asmv2:publisher="BotMaster" asmv2:product="BotMaster" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <deployment install="true" />.. <compatibleFrameworks xmlns="urn:schemas-microsoft-com:clickon

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2941952
                                                                                                                                                                                                    Entropy (8bit):4.368119490757434
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12288:fhx7siRe9fEtTMd+8MIKJEz8Jfy5/uYSuwCV8YB09YnlzQ:fXDkxEtgc8PKuaCVHZl
                                                                                                                                                                                                    MD5:895F3A548FD8FA6FD1355AF6D218DA2C
                                                                                                                                                                                                    SHA1:F45065862543B4834B525AC235672D4B11F67EC9
                                                                                                                                                                                                    SHA-256:14A2312F1485E3B0ACD96127083BCA19DCA2988842DAE4928F7EDFE6CB2B47C4
                                                                                                                                                                                                    SHA-512:55DC3094822C57562C9761DC66B79799B5CFD1829AE81B82AE6AD5ECF545D1E5A11D7B522B182046FB98920D4CEE6E8106DB45ED8BFCF53FBEF6CF8AFE3EC774
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..d.........."...P..2(.........bP(.. ...`(...@.. .......................@-...........`..................................P(.O....`(.p.................... -......N(.............................................. ............... ..H............text...h0(.. ...2(................. ..`.rsrc...p....`(......4(.............@..@.reloc....... -.......,.............@..B................DP(.....H............................G...........................................0............("...(#.........(.....o$....*.....................(%......(&......('......((......()....*N..(....o....(*....*&..(+....*.s,........s-........s.........s/........s0........*....0...........~....o1....+..*.0...........~....o2....+..*.0...........~....o3....+..*.0...........~....o4....+..*.0...........~....o5....+..*.0..<........~.....(6.....,!r...p.....(7...o8...s9............~.....+..*.0......

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe.config

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):564
                                                                                                                                                                                                    Entropy (8bit):5.0740538700827695
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:MMHdGGsVOsreOJ9LNFF7ap+5iplp7qf/2/dFicYo4xm:JdsrztPF7NQ7uH2/X9r
                                                                                                                                                                                                    MD5:39F34FD0CDDA615B78BBE7F9576BFC7B
                                                                                                                                                                                                    SHA1:B34C1D2097E16BC6197769C0E5895C1FB579D369
                                                                                                                                                                                                    SHA-256:A281F7A40A47C15A31A76616AE563CC461EFE00C1098FDA834226FBDA3F93A9D
                                                                                                                                                                                                    SHA-512:207BFFA47194D18CB498A071FB5C7F6E8FCE08CE736F235D5BF08B1A92AC5610C609D448EFADD3C73817001D3B55ADE36B148226030A3026D284EFC87D293C3F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>..

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe.manifest

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (504), with CRLF, LF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):18208
                                                                                                                                                                                                    Entropy (8bit):5.288630221697824
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:xXc5tu28iw+OuOLmuAJzAKdbGDb4xbxZxy3sTs6:xXc5tuvJ0s6
                                                                                                                                                                                                    MD5:E8704F80438109BC2A2AA65F9FC5C20C
                                                                                                                                                                                                    SHA1:CB639857A416AADE8F5DBBB6C15B000EA6AAB16B
                                                                                                                                                                                                    SHA-256:400EA9E7CCD70228FF7073A148B6D6972A54DA59D6CA61C689F7E48E4A030096
                                                                                                                                                                                                    SHA-512:9A59D33325FD6AFB8DEC503200D877B9165E23CC10681F08D8F02EF8E226C46B954DE6192E4CC8BF1BE90BC4034ABE7E91399B88FD3BB1F85D8D98D9D3D8C946
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.<?xml version="1.0" encoding="utf-8"?>..<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <asmv1:assemblyIdentity name="BotMaster.exe" version="1.0.0.0" publicKeyToken="0000000000000000" language="neutral" processorArchitecture="msil" type="win32" />.. <description asmv2:iconFile="BotmasterIcon.ico" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <application />.. <entryPoint>.. <assemblyIdentity name="BotMaster" version="5.8.0.1" language="neutral" processorArchitecture="msil" />.. <commandLine file="BotMaster.exe" parameters

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.pdb

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:MSVC program database ver 7.00, 512*1375 bytes
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):704000
                                                                                                                                                                                                    Entropy (8bit):4.22630193408373
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6144:tFSnnQd5XupJEw0rbBRqyr5XEsbGiTt0pPZdd1uuzZRw25RqdyaUA:ttu/Efb6iGlZdrucZh5Rqd
                                                                                                                                                                                                    MD5:680D8CB25E82565643635ADF63D6A5E1
                                                                                                                                                                                                    SHA1:74AEB54D2A1321715A6EBAC5F40D2A42301C6A8D
                                                                                                                                                                                                    SHA-256:3B1EAE4EE06996EFB289675C9D46F6D68C3913657125114586ACD27B5462CCD4
                                                                                                                                                                                                    SHA-512:77B47DC246E90DAEA9269BF30BD13C443AB01A5C6F639A953C2E02AD3E878AE9D6CBC77C7395717166191796106F70DC566D69921BA66FB47BCFE5948C8A3411
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:Microsoft C/C++ MSF 7.00...DS..........._...........[...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.xml

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4810
                                                                                                                                                                                                    Entropy (8bit):4.9963250103381
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:YJbH1QDUDT7GVNNxihfeWQTchbhfmaxTHO7Eg:YJbH1QDUDT7GVNNxiVeWQTKbRm47O7Eg
                                                                                                                                                                                                    MD5:4F6C1BD4D5B833BC7923D877C5367074
                                                                                                                                                                                                    SHA1:DEC24573BA485740254CA2A92673A4DB0B6B4C1C
                                                                                                                                                                                                    SHA-256:DE262D09B9E172FF84A85D1B504023C009CD92970A68AF1684AD48865BB36426
                                                                                                                                                                                                    SHA-512:8E45977A45716AEDA9DDCF15C3EB1777374E2BC55E334A7EEE3E49EDE2B4CF7F3F328782B9FF27383232F012B5A178383E95179E18755FE5DC22720B279E60AF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.<?xml version="1.0"?>..<doc>..<assembly>..<name>..BotMaster..</name>..</assembly>..<members>..<member name="T:BotMaster.My.Resources.Resources">..<summary>.. A strongly-typed resource class, for looking up localized strings, etc...</summary>..</member>..<member name="P:BotMaster.My.Resources.Resources.ResourceManager">..<summary>.. Returns the cached ResourceManager instance used by this class...</summary>..</member>..<member name="P:BotMaster.My.Resources.Resources.Culture">..<summary>.. Overrides the current thread's CurrentUICulture property for all.. resource lookups using this strongly typed resource class...</summary>..</member>..<member name="P:BotMaster.My.Resources.Resources._imports">..<summary>.. Looks up a localized resource of type System.Drawing.Bitmap...</summary>..</member>..<member name="P:BotMaster.My.Resources.Resources.addmsg">..<summary>.. Looks up a localized resource of type System.Drawing.Bitmap...</summary>..</member>..<member name="P:BotMaster.My.Reso

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\Languages\English.json

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):26248
                                                                                                                                                                                                    Entropy (8bit):5.053284363077672
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:czZEVfiLTDVQnvmjszRSOhgkRcADFBQxT:awfiL3VyvDzgOz5FBQxT
                                                                                                                                                                                                    MD5:A9536B928E39650DB8DB6E496F1A85BE
                                                                                                                                                                                                    SHA1:946F305B747C5F21B8EAE1152748F140DDE81A38
                                                                                                                                                                                                    SHA-256:DC57336A3B0C6FC4E9ABA14E0138BAC8149737D83D489B50B032303CA88B6AD4
                                                                                                                                                                                                    SHA-512:413596BC7B9B4348FA5B2360F050EACD61145D4CA8F10B773285F54B222F1852D95A51D45334F1EEA14E7A78F0738FE6C14283AE86CCED2A56ACDC810389A5AD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:[..{"Key":"FrmAdd.BtnOK","Text":"OK"},..{"Key":"FrmAdd.BtnCancel","Text":"Cancel"},..{"Key":"FrmAdd.Label1","Text":"Country code"},..{"Key":"FrmAdd","Text":"Add Country Code"},..{"Key":"FrmAdd.FamiliarAccountBtnOk","Text":"OK"},..{"Key":"FrmAdd.FamiliarAccountBtnCancel","Text":"Cancel"},..{"Key":"FrmAdd.FamiliarAccountLabel1","Text":"Whatsapp Account Number"},..{"Key":"FrmAdd.FamiliarAccountLabel2","Text":"Please ensure that the account that you add it it's a whatsapp account and he is receiving messages from you"},..{"Key":"FrmAdd.FamiliarAccountText ","Text":"Add Whatsapp Familiar Account"},..{"Key":"FrmAdd.MessageBtnOK","Text":"OK"},..{"Key":"FrmAdd.MessageBtnCancel","Text":"Cancel"},..{"Key":"FrmAdd.MessageLabel1","Text":"Message"},..{"Key":"FrmAdd.MessageText ","Text":"Add Message"},..{"Key":"FrmAdvanced.BtnAddFamiliarAccount","Text":"Add"},..{"Key":"FrmAdvanced.BtnDeleteFamiliarAccount","Text":"Delete"},..{"Key":"FrmAdvanced.BtnAddMessages","Text":"Add"},..{"Key":"FrmAdvanced.Bt

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\Languages\Espa ol.json

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):36081
                                                                                                                                                                                                    Entropy (8bit):4.818968961339408
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:ayjg71nCUxZJQuXcqG8eXU9HmWz5N9vTH:buCU1Qt8ekxfzBLH
                                                                                                                                                                                                    MD5:5A190EFD96C50E29479419E0D28D9A55
                                                                                                                                                                                                    SHA1:C529655A3758087BD8970CB19B2284AE06EFAC22
                                                                                                                                                                                                    SHA-256:744EE1CFF7E2563A6824C553BFFA600F4181DF7DAEDEE265D94460B6A4F50E52
                                                                                                                                                                                                    SHA-512:01236CE3FFAC3176E4039D1C8928D2A21FE989F4A5BBFC62A51D1E17DA3204AD6300698613A6E3CFAD107F9AFBE92379EF932ADAC34A432724B36587AE4AF563
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:[.. {.. "Key": "FrmAdd.BtnOK",.. "Text": "Okay".. },.. {.. "Key": "FrmAdd.BtnCancel",.. "Text": "Cancelar".. },.. {.. "Key": "FrmAdd.Label1",.. "Text": "C.digo de pa.s".. },.. {.. "Key": "FrmAdd",.. "Text": "Agregar c.digo de pa.s".. },.. {.. "Key": "FrmAdd.FamiliarAccountBtnOk",.. "Text": "Okay".. },.. {.. "Key": "FrmAdd.FamiliarAccountBtnCancel",.. "Text": "Cancelar".. },.. {.. "Key": "FrmAdd.FamiliarAccountLabel1",.. "Text": "N.mero de cuenta de Whatsapp".. },.. {.. "Key": "FrmAdd.FamiliarAccountLabel2",.. "Text": "Aseg.rese de que la cuenta que agregue sea una cuenta de WhatsApp y que .l reciba mensajes de usted".. },.. {.. "Key": "FrmAdd.FamiliarAccountText",.. "Text": "Agregar cuenta familiar de Whatsapp".. },.. {.. "Key": "FrmAdd.MessageBtnOK",.. "Text": "Okay".. },.. {.. "Key": "FrmAdd.MessageBtnCancel",.. "Text": "Cancelar".. },.. {.. "Key": "FrmAdd.MessageLabel1",.. "Text": "

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\Languages\Fran ais.json

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):36262
                                                                                                                                                                                                    Entropy (8bit):4.831114510674506
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:/DAXfJT0s5LLaLJLJ/YefttFMVYrfduCMA6JdnmO:/DCJT0s5LeLJ9YqtLMVYDduCMAanmO
                                                                                                                                                                                                    MD5:EE4C22BAEEDC03D0582829017F5D7C13
                                                                                                                                                                                                    SHA1:F26A3A32FB37B300D41F03D3D914D1CBED432C5E
                                                                                                                                                                                                    SHA-256:D844F1F0F8CA5D5D4CDAB2E1C317259FAE76ADE680D29309C2DEBD8311351BF9
                                                                                                                                                                                                    SHA-512:5019D9F664B3C93E907B865EFA45441510CFB9C9FD0E106EAA258963E161F861B448DF39D800067276AAED57376B6FD277EA27DBF11D34A3023B94C248C75217
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:[.. {.. "Key": "FrmAdd.BtnOK",.. "Text": "OK".. },.. {.. "Key": "FrmAdd.BtnCancel",.. "Text": "Annuler".. },.. {.. "Key": "FrmAdd.Label1",.. "Text": "Code postal".. },.. {.. "Key": "FrmAdd",.. "Text": "Ajouter le code du pays".. },.. {.. "Key": "FrmAdd.FamiliarAccountBtnOk",.. "Text": "OK".. },.. {.. "Key": "FrmAdd.FamiliarAccountBtnCancel",.. "Text": "Annuler".. },.. {.. "Key": "FrmAdd.FamiliarAccountLabel1",.. "Text": "Num.ro de compte Whatsapp".. },.. {.. "Key": "FrmAdd.FamiliarAccountLabel2",.. "Text": "Veuillez vous assurer que le compte que vous ajoutez est un compte WhatsApp et qu'il re.oit des messages de votre part".. },.. {.. "Key": "FrmAdd.FamiliarAccountText",.. "Text": "Ajouter un compte familier Whatsapp".. },.. {.. "Key": "FrmAdd.MessageBtnOK",.. "Text": "OK".. },.. {.. "Key": "FrmAdd.MessageBtnCancel",.. "Text": "Annuler".. },.. {.. "Key": "FrmAdd.MessageLabel1",.. "Text": "

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\Languages\Portugu s.json

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):31667
                                                                                                                                                                                                    Entropy (8bit):5.065797656202188
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:BJiZUJmFzGkewrclfom+wXMzmWF7LusTHy5kXbrfZmQUKOIcL6O5T+XgAXPOxjG9:1boafomlqmWpHTHukXBuBcO5YgyQS9
                                                                                                                                                                                                    MD5:B1D1D7A7C064EB0D4428E2EA6B7B39F1
                                                                                                                                                                                                    SHA1:07B9F9E4436EE2B8B90D6B3ABDB025E62B20CF38
                                                                                                                                                                                                    SHA-256:0FE36A0C346F80EA9CAA0D046A699F7A9907491CF8D02F8059D9A75EBA6FE826
                                                                                                                                                                                                    SHA-512:31535A6FB8EA7A253C20F4C6CA5AFEFF18597718DA346CB2F834FA54DE1F6B587739016767E97A3544DA10C46086AEB9417C03F402600D80B9EF337B9F55D448
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:[..{..."Key": "FrmAdd.BtnOK",..."Text": "OK"..},..{..."Key": "FrmAdd.BtnCancel",..."Text": "Cancelar"..},..{..."Key": "FrmAdd.Label1",..."Text": "C.digo do pa.s"..},..{..."Key": "FrmAdd",..."Text": "Adicionar c.digo do pa.s"..},..{..."Key": "FrmAdd.FamiliarAccountBtnOk",..."Text": "OK"..},..{..."Key": "FrmAdd.FamiliarAccountBtnCancel",..."Text": "Cancelar"..},..{..."Key": "FrmAdd.FamiliarAccountLabel1",..."Text": "N.mero da conta do Whatsapp"..},..{..."Key": "FrmAdd.FamiliarAccountLabel2",..."Text": "Verifique se a conta que voc. adicionou . uma conta do whatsapp e ele est. recebendo mensagens suas"..},..{..."Key": "FrmAdd.FamiliarAccountText",..."Text": "Adicionar conta familiar do Whatsapp"..},..{..."Key": "FrmAdd.MessageBtnOK",..."Text": "OK"..},..{..."Key": "FrmAdd.MessageBtnCancel",..."Text": "Cancelar"..},..{..."Key": "FrmAdd.MessageLabel1",..."Text": "mensagem"..},..{..."Key": "FrmAdd.MessageText",..."Text": "Adicionar mensagem"..},..{..."Key": "FrmAdvanced.BtnAddFamilia

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\Languages\indonesia.json

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):26503
                                                                                                                                                                                                    Entropy (8bit):5.067472079756546
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:/NILIWmsjLr+ahEfQYTRux9AocDqAWy+i/mmzOjvRdxX:/ojZhEfQYT0fDewqmmz8vRdxX
                                                                                                                                                                                                    MD5:638FDEE0F5D4F4F5A4EA5EDE8BDCAFCA
                                                                                                                                                                                                    SHA1:C8969FA74200968A38C82630C4B43E0A7912441E
                                                                                                                                                                                                    SHA-256:4A25D0F19B860CEE7A2CA6AEEEE4DF6612E243EBCAC59F1DF16A3E176CC3C2DC
                                                                                                                                                                                                    SHA-512:3E970AEDCF6676B2DD95B1B836760FBADD74CE91C4872587BCBB995611C572EB47D94911EB98661D071824D5259E1E042ABF56CB24CC6E32E5713B2E5477945C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:[..{"Key":"FrmAdd.BtnOK","Text":"OK"},..{"Key":"FrmAdd.BtnCancel","Text":"Batal"},..{"Key":"FrmAdd.Label1","Text":"Kode Negara"},..{"Key":"FrmAdd","Text":"Tambah Kode Negara"},..{"Key":"FrmAdd.FamiliarAccountBtnOk","Text":"OK"},..{"Key":"FrmAdd.FamiliarAccountBtnCancel","Text":"Batal"},..{"Key":"FrmAdd.FamiliarAccountLabel1","Text":"Nomor Akun Whatsapp"},..{"Key":"FrmAdd.FamiliarAccountLabel2","Text":"Harap pastikan bahwa akun yang Anda tambahkan itu adalah akun whatsapp dan dia menerima pesan dari Anda"},..{"Key":"FrmAdd.FamiliarAccountText ","Text":"Tambahkan Akun familiar Whatsapp"},..{"Key":"FrmAdd.MessageBtnOK","Text":"OK"},..{"Key":"FrmAdd.MessageBtnCancel","Text":"Batal"},..{"Key":"FrmAdd.MessageLabel1","Text":"Pesan"},..{"Key":"FrmAdd.MessageText ","Text":"Tambah Pesan"},..{"Key":"FrmAdvanced.BtnAddFamiliarAccount","Text":"Tambah"},..{"Key":"FrmAdvanced.BtnDeleteFamiliarAccount","Text":"Hapus"},..{"Key":"FrmAdvanced.BtnAddMessages","Text":"Tambah"},..{"Key":"FrmAdvanced.BtnDele

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Bcl.AsyncInterfaces.dll

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):22144
                                                                                                                                                                                                    Entropy (8bit):6.434408185018128
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:O/9b512C4dABe070VJI0Ftdalemxxf34wqsWeb/WjR/uPHRN7Y5slu6o:O/f1IDjV9UPPpWRMkT
                                                                                                                                                                                                    MD5:48EFE61D6CA3054309907B532D576D2A
                                                                                                                                                                                                    SHA1:F36403AABB16540C93FB35245EC0B4E435628AAE
                                                                                                                                                                                                    SHA-256:295AF2142D9214F3FD84EAFE4778DCA119BE7E0229F14B6BA8D5269C2F1E2E78
                                                                                                                                                                                                    SHA-512:778E7C4675D8FDE9E083230213D2EFA19AA6924FE892ED74FA1EA2EC16743BB14B99B51856E75EAEF632D57BE7F36DD1BC7CE39A7C2B0435B2F3211BB19836A3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                    Joe Sandbox View:
                                                                                                                                                                                                    • Filename: OrangeBot Installer - UAT (1.18.5.23313).msi, Detection: malicious, Browse
                                                                                                                                                                                                    • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                    • Filename: PostSharp-2024.0.4-rc.exe, Detection: malicious, Browse
                                                                                                                                                                                                    • Filename: MDE_File_Sample_4e8af2004a77f531e655e2e5cb669c388d0655c9.zip, Detection: malicious, Browse
                                                                                                                                                                                                    • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                    • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                    • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                    • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                    • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                    • Filename: OneLaunch - Manuals_t5m2z.exe, Detection: malicious, Browse
                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Q..........." ..0..&...........E... ...`....... ....................................`.................................[E..O....`...............2...$..........hD..T............................................ ............... ..H............text....%... ...&.................. ..`.rsrc........`.......(..............@..@.reloc...............0..............@..B.................E......H.......4&.......................C........................................(....*..(....*.0....................(....}.....*6.|.....(...+*:.|......(...+*:.|......(...+*2.|....(....*..{....%-.&.|....s.....(....%-.&.{....*"..(....*>..}......}....*..0...........{....o........{....(....*Z..}......}......}....*N.{......{....s ...*N.{.....{.....s ...*v.{.....{....o!....{....s"...*..(....*"..s....*.0.....................s#...*&...s#...*..{$...*"..}$...*.0..F.........{%....Xh}%.....}&.

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Bcl.AsyncInterfaces.xml

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with very long lines (321), with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):18215
                                                                                                                                                                                                    Entropy (8bit):4.720079384519439
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:XgOpngSae6jWuTPP/xM2fB8qnmltJ5XZzRzgqW81Fu3DRmfCh7sE+siDBQsFaIs7:0FQa+TDm
                                                                                                                                                                                                    MD5:0737B770BA5D854D4887A8F4D9C8DE04
                                                                                                                                                                                                    SHA1:40A8A356D807D71C102C91D68AD1A0AD6E3FDDA6
                                                                                                                                                                                                    SHA-256:CA53D9B1BBEA04C30DB4186B015B7C57DCE7C5ECDF1CFAC9E4AFE9FFCF6910F0
                                                                                                                                                                                                    SHA-512:39A48874D547F714922F4864D3A34C842AC0898B09040796A9046182C093E3CA70F1D20F5D616721129E8D7F6A1F1FDEB3C8277C6BB2EB53B6DC8EA5966003C7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Microsoft.Bcl.AsyncInterfaces</name>.. </assembly>.. <members>.. <member name="T:System.Threading.Tasks.Sources.ManualResetValueTaskSourceCore`1">.. <summary>Provides the core logic for implementing a manual-reset <see cref="T:System.Threading.Tasks.Sources.IValueTaskSource"/> or <see cref="T:System.Threading.Tasks.Sources.IValueTaskSource`1"/>.</summary>.. <typeparam name="TResult"></typeparam>.. </member>.. <member name="F:System.Threading.Tasks.Sources.ManualResetValueTaskSourceCore`1._continuation">.. <summary>.. The callback to invoke when the operation completes if <see cref="M:System.Threading.Tasks.Sources.ManualResetValueTaskSourceCore`1.OnCompleted(System.Action{System.Object},System.Object,System.Int16,System.Threading.Tasks.Sources.ValueTaskSourceOnCompletedFlags)"/> was called before the operation completed,.. or <see cref="F:System.

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.VisualStudio.OLE.Interop.dll

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):136792
                                                                                                                                                                                                    Entropy (8bit):6.27629274988875
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:eB4SGu9A07O5tp+zcKow+YhYZq1oj6ii8oDgpyd/v6t8oVZJQAD:eKSv20q5tp+Abw+YhYZq1ojlhvJQq
                                                                                                                                                                                                    MD5:08877FFE07AE1A2561BAC5B9B7832529
                                                                                                                                                                                                    SHA1:6EB64663606A4E1D0248480FB06EAD753094D4C7
                                                                                                                                                                                                    SHA-256:17AE46195415E7441C35EE200CFDD7F70888A1A4B5E5B80190555F234473C2C9
                                                                                                                                                                                                    SHA-512:8FE1B00CD0F9C54E4BAE6597F3669AFD58B07F490EC458A48DA6264026CB001D423B66880050AD7EE63EC12A7A3EE2120C4210C9E8296380677EF598171C1975
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...O..J...........!......... .......... ........>I. ..............................`.....@.....................................K.......P...............XF........................................................... ............... ..H............text....... ...................... ..`.rsrc...P...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.VisualStudio.OLE.Interop.xml

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (520), with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):440930
                                                                                                                                                                                                    Entropy (8bit):5.127759550925411
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:VypYKpKPvaUWBzg/xpHgxVD3rex3yasEd75w0hJzl+aUe89/wmvrz8gMJGJ9pYXK:rF3kEd75wiJru/wCrz8gMJGJ3T
                                                                                                                                                                                                    MD5:4B7138427A0C03C923051D66B7E375EE
                                                                                                                                                                                                    SHA1:AAC3A0C453ED22084C16FCB4ED5EFA3854904AEC
                                                                                                                                                                                                    SHA-256:E21FD392ADACB7376AF9A6C25E78EB4D46254AB29C5AFAF963909DCBEA21204D
                                                                                                                                                                                                    SHA-512:C16C1573FD418573F8F64E0445834BD3E3287F1DDFC7885F329790176036847AAAEB18DC3AAAC096D757407BEA834308C2327BE8D4C0A31358BF634BF7903CAA
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.<?xml version="1.0" encoding="utf-8"?>..<doc>.. <assembly>.. <name>Microsoft.VisualStudio.OLE.Interop</name>.. </assembly>.. <members>.. <member name="F:Microsoft.VisualStudio.OLE.Interop.BIND_OPTS2.cbStruct">.. <summary>Represents the size of the <see cref="T:Microsoft.VisualStudio.OLE.Interop.BIND_OPTS2" /> structure in bytes.</summary>.. </member>.. <member name="F:Microsoft.VisualStudio.OLE.Interop.BIND_OPTS2.dwClassContext">.. <summary>Represents the class context that is to be used for instantiating the object.</summary>.. </member>.. <member name="F:Microsoft.VisualStudio.OLE.Interop.BIND_OPTS2.dwTickCountDeadline">.. <summary>Represents the clock time in milliseconds.</summary>.. </member>.. <member name="F:Microsoft.VisualStudio.OLE.Interop.BIND_OPTS2.dwTrackFlags">.. <summary>Represents a value that a moniker can use during link tracking.</summary>.. </member>.. <member name="F:Microsoft.VisualStudio.OLE.Interop.BIND_OPT

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.VisualStudio.Shell.Interop.dll

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):266008
                                                                                                                                                                                                    Entropy (8bit):6.132716185250674
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:/12Ehityu0E8E9ExE9ElfkoEfE5tD1XMEQ0jEpOtnQlWtX7Eb3enP5wdGmLjZmXr:/fSHJGidFLjZmiSKYG8/FbYF3V6jp
                                                                                                                                                                                                    MD5:EAC1FD535EFF13B35B09D587D625EF1B
                                                                                                                                                                                                    SHA1:F6AFBF7830E4BB04C3D1AF67E1A70892CE41CE06
                                                                                                                                                                                                    SHA-256:52DD34CF681505AB03A48A5CE591ABF1953D4261E01F2BCACD1B80045FE26E83
                                                                                                                                                                                                    SHA-512:2212BBAD1E51D31CA0083477A5CA781FFAEA42DC2D6BBA0A2FB8721B5A6E3D70C2180AE94E5800A6B8BA4434C1FA6DC9B3057303D1146A8DCEB74A8EB982A0A5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                    Joe Sandbox View:
                                                                                                                                                                                                    • Filename: Kiwi_Syslog_Server_9.8.2.Freeware.setup.exe, Detection: malicious, Browse
                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..... G...........!......... ........... ........@.. ...............................b....@.................................L...O.......P................?........................................................... ............... ..H............text........ ...................... ..`.rsrc...P...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.VisualStudio.Shell.Interop.xml

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (529), with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1740574
                                                                                                                                                                                                    Entropy (8bit):5.049966346933638
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6144:6IPiSqOVR54taF/K47KmuOr+yci2fn0FiApCWT1ea7Vw/9aiZWODkUtip/NbVcmc:fdWtic/R
                                                                                                                                                                                                    MD5:D9069D69101F75A43915F7500D670DCC
                                                                                                                                                                                                    SHA1:7565C84D808FF896CBAAAD69A62FA95E32D889B9
                                                                                                                                                                                                    SHA-256:5675A0489FD170D773AE30B278A5020467801D81031258D8E732588826977C7F
                                                                                                                                                                                                    SHA-512:A1437416E0E487EBE13B809462C34789F319BCBFC9B73BDC6818054C9633728D9FFEFB3C57DC4B6753308316B384591C8DAE774EE31C9096358EB138E02CD2C1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.<?xml version="1.0" encoding="utf-8"?>..<doc>.. <assembly>.. <name>Microsoft.VisualStudio.Shell.Interop</name>.. </assembly>.. <members>.. <member name="F:Microsoft.VisualStudio.Shell.Interop.AllColorableItemInfo.bAutoBackgroundValid">.. <summary>Indicates whether <see cref="F:Microsoft.VisualStudio.Shell.Interop.AllColorableItemInfo.crAutoBackground" /> contains a valid color value. </summary>.. </member>.. <member name="F:Microsoft.VisualStudio.Shell.Interop.AllColorableItemInfo.bAutoForegroundValid">.. <summary>Indicates whether <see cref="F:Microsoft.VisualStudio.Shell.Interop.AllColorableItemInfo.crAutoForeground" /> contains a valid color value. </summary>.. </member>.. <member name="F:Microsoft.VisualStudio.Shell.Interop.AllColorableItemInfo.bDescriptionValid">.. <summary>Indicates the <see cref="F:Microsoft.VisualStudio.Shell.Interop.AllColorableItemInfo.bstrDescription" /> contains a valid description string </summary>.. </member>..

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.VisualStudio.TextManager.Interop.dll

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):114688
                                                                                                                                                                                                    Entropy (8bit):5.91450864923579
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:o71yxMGwXWWY7HfCB21HcA+yxUv/gKw8l7355Ee:yAlMJiUHw8tf
                                                                                                                                                                                                    MD5:B6ED0F4FB32D0FC2AD7072B2AF39E6E2
                                                                                                                                                                                                    SHA1:E873CE91823EF931F20C7D1FC9ECA59B69CF07B4
                                                                                                                                                                                                    SHA-256:B9EC0543F9B3F7A6B49020763984753C72DBE67D678C826389578A5097A6D765
                                                                                                                                                                                                    SHA-512:B25259A3F0C95289FF88B8FD89B9CFDD730EB4E399E48B71EA73FF2C492328E0B2D0A10A02C5D6FCDF2C15B4425DE5539A70013283BC3490AD1CD3B13EA05AC3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P..J...........!......... ......>.... ........LI. ....................................@....................................W.......P............................................................................ ............... ..H............text...D.... ...................... ..`.rsrc...P...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.VisualStudio.TextManager.Interop.xml

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (636), with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):829861
                                                                                                                                                                                                    Entropy (8bit):5.002159761339964
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6144:KfC6OxR3nCLsPE1fyKFsGq2aWxZNB4Q/a23OK3nS:X
                                                                                                                                                                                                    MD5:AA359347E85056F88218307730174C9B
                                                                                                                                                                                                    SHA1:BA6B10B5F031D5A661005FFF0143BEEEF8B03606
                                                                                                                                                                                                    SHA-256:A38C85A3E694A237B66894F7032753D892D33501F7109820EA36690A4B4A5629
                                                                                                                                                                                                    SHA-512:14C0DA54165B71DA7BF5ADEDB4E3CDAAFA2C22E08E11909A2FBA4515EFA4A7D93D82DD10FE72F68B8FB2331DABABBC2181689FCDD75CFB78AFD6956F5EDFB578
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.<?xml version="1.0" encoding="utf-8"?>..<doc>.. <assembly>.. <name>Microsoft.VisualStudio.TextManager.Interop</name>.. </assembly>.. <members>.. <member name="T:Microsoft.VisualStudio.TextManager.Interop.__PROMPTONLOADFLAGS">.. <summary>Flags to prompt user for an encoding on an open with specified codepage.</summary>.. </member>.. <member name="F:Microsoft.VisualStudio.TextManager.Interop.__PROMPTONLOADFLAGS.codepageNoPrompt">.. <summary>Prompt user.</summary>.. </member>.. <member name="F:Microsoft.VisualStudio.TextManager.Interop.__PROMPTONLOADFLAGS.codepagePrompt">.. <summary>Do not prompt user.</summary>.. </member>.. <member name="T:Microsoft.VisualStudio.TextManager.Interop.__VSFINDBUFFERFLAGS">.. <summary>Indicates that a buffer boundary begins or ends a line, without requiring white space characters in the buffer. </summary>.. </member>.. <member name="F:Microsoft.VisualStudio.TextManager.Interop.__VSFINDBUFFERFLAGS.FINDB

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.Core.dll

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):306600
                                                                                                                                                                                                    Entropy (8bit):5.653559725035333
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6144:JE4DIxId/rUje1mQ9pRFIEIEEIcgCepM1S0LQQs1hPyIEeCku1hLvhbSO0YO5fbf:G4aId/rUje1mQ9pRFIEIEEIcgCepM1Sr
                                                                                                                                                                                                    MD5:6987A428F6F311AB950E1C92A66FB938
                                                                                                                                                                                                    SHA1:1B438F9390CF14059BEEA4E47AE157142329E102
                                                                                                                                                                                                    SHA-256:03DBE9EFF9FA655C5AE7C247E3ED51E1F2A0C9CF3656CBD9461FC4A8D8A0AD15
                                                                                                                                                                                                    SHA-512:BB61231C640A5A7DDA4D6EB51854B5A0D94B633A492FFDEBC11F4DFCCB07905BD0F440D307D0A32637ECCF18C9AB0B6CA2FB236A48802ED7ACABC862D07CF006
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...yd(b.........." ..0.................. ........... ..............................*.....`.................................d...O........................#..........,................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......|O..0P...........................................................0..G.........((...}.......}.......}.......}.......}......|......(...+..|....(*...*..0../........{....- ..{....t....}.......r...p.s+...z.{....*................."..}....*....0../........{....- ..{....t....}.......rZ..p.s+...z.{....*................."..}....*....0../........{....- ..{....t....}.......r...p.s+...z.{....*................."..}....*....0../........{....- ..{....t ...}.......r...p.s+...z.{....*.

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.Core.xml

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with very long lines (801), with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):337579
                                                                                                                                                                                                    Entropy (8bit):4.640382180669009
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6144:rVzdEO4am+70Quf4YufqSispK2sSj4Jb2sOE9+VQLtK3il849zZr2QEsvLK6YsY6:rVzdEO4am+7RufDufqSispK2sSj4Jb2s
                                                                                                                                                                                                    MD5:CBD9EB9F9C15662654880A878AFF3D71
                                                                                                                                                                                                    SHA1:107370E14645C5D8B025CDBC8A12D1675506F1E0
                                                                                                                                                                                                    SHA-256:6860C8D8D2AC50A3CEF4D216966D0AD04AD5A1AD9C6B4AC6B18891E2392CC75C
                                                                                                                                                                                                    SHA-512:B741A3DDFD96D3A989AE1868BBC5B338A24243A131975033A32FA005DE642098272E5535F9CD78B735CD65FFB8FB6FCCB9436C7F9B96607E17F605BE2AF37E35
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Microsoft.Web.WebView2.Core</name>.. </assembly>.. <members>.. <member name="T:Microsoft.Web.WebView2.Core.CoreWebView2">.. <summary>.. WebView2 enables you to host web content using the latest Microsoft Edge browser and web technology... </summary>.. <summary>.. WebView2 enables you to host web content using the latest Microsoft Edge browser and web technology... </summary>.. <summary>.. WebView2 enables you to host web content using the latest Microsoft Edge browser and web technology... </summary>.. <summary>.. WebView2 enables you to host web content using the latest Microsoft Edge browser and web technology... </summary>.. <summary>.. WebView2 enables you to host web content using the latest Microsoft Edge browser and web technology... </summary>.

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.WinForms.dll

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):35280
                                                                                                                                                                                                    Entropy (8bit):6.325467316141879
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:2TFzTl1XWYTAePHZDgcE05P4Jjrnh2jwSosuTv1JKa5/Zi/6LsubIOzXkSLA6XX/:2TFPHXnPHZDgcE05P4JjrnawSosu71JR
                                                                                                                                                                                                    MD5:2FB1A39DCC9F7311CC2F13C8676325C0
                                                                                                                                                                                                    SHA1:780E7501BB4EEC1D29BEF374442F9697F4403A55
                                                                                                                                                                                                    SHA-256:8BABA0E4A72823E75750FE9F3C92EDACD92BF1771CFF353885F79146C018FCCE
                                                                                                                                                                                                    SHA-512:5C5442D5CFE87B53EB500D14536FFA651F0AC8FB33B4F9A7B5AA7ECBD6C3A751F7940C970EBE6CAAC45C99B5C4BA6E647C3826E49E7D6596E09BA501F415C77E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....UI..........." ..0..X...........v... ........... ..............................N.....`..................................u..O....................b...'...........t..8............................................ ............... ..H............text...$V... ...X.................. ..`.rsrc................Z..............@..@.reloc...............`..............@..B.................v......H........3..T=..........(q..@...ht........................................(....*..{....*>..}......}....*..{....*>..}......}....*..{....*>..}......}....*..{....-%..(.....(......(......s....(....}.....{....*..#.......?}.....(....}.....(.....(S......(..... . ...(....*..,..(....,.*.(....,...(.....{....,..{....o......( ...*.0..>.........( .....}............s!...("...........s!...(#....{....,..{...........s!...o$....{....:.....(#......H...s%...o&....(#......G...s'...o(....(#......J

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.WinForms.xml

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with very long lines (366), with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):30837
                                                                                                                                                                                                    Entropy (8bit):4.664180944660611
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:3xJyiPmxW3uyCG4yCGdryCP1OQPpRJFXCfPJehIflP3c1VaGrjP+9cIeL3mk1xKe:3xJyiPwW3uyf4yfdry21OQPpRJFXCfPE
                                                                                                                                                                                                    MD5:FC5746829C51E8F61D2E1BA01DE3F39A
                                                                                                                                                                                                    SHA1:9E1B6EAC8974D4C733644313E637C2E4C4A9BD24
                                                                                                                                                                                                    SHA-256:6317641B65D19BFDE590FBB93A3ADBB88C8A2CCA3F5038912D9FC2A18DA3DEE2
                                                                                                                                                                                                    SHA-512:E7EDDB7CA4D66389001E04B01CE6A0C5DA5A792B26309B98C9CDE20F8F67DEC231958337704431C00F216FDADF3BD03DBD2D0454058C3F4DFFBB510763641B20
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Microsoft.Web.WebView2.WinForms</name>.. </assembly>.. <members>.. <member name="T:Microsoft.Web.WebView2.WinForms.CoreWebView2CreationProperties">.. <summary>.. This class is a bundle of the most common parameters used to create a <see cref="T:Microsoft.Web.WebView2.Core.CoreWebView2Environment"/>... Its main purpose is to be set to <see cref="P:Microsoft.Web.WebView2.WinForms.WebView2.CreationProperties"/> in order to customize the environment used by a <see cref="T:Microsoft.Web.WebView2.WinForms.WebView2"/> during implicit initialization... </summary>.. <remarks>.. This class isn't intended to contain all possible environment customization options... If you need complete control over the environment used by a WebView2 control then you'll need to initialize the control explicitly by.. creating your own environment with <see

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.Wpf.dll

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):39848
                                                                                                                                                                                                    Entropy (8bit):6.248013095044449
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:BzXGuETke7fYB3b1K8wDP/ryEH0mBO4JjrDXh2jUfUPLkq7FKKa5/Bi/hGvoAb0m:1X0t7C3JK8wDP/ryEH0mBO4JjrDXaUfV
                                                                                                                                                                                                    MD5:DA51131FDE22E5D412AE475F2CD28142
                                                                                                                                                                                                    SHA1:40D58BC78A29ADE39BDFC3F9BD3EF14ACEBC0306
                                                                                                                                                                                                    SHA-256:BEB930C0EE24EC6DFDA5390E1877EAB80BDFFFC7D582A12105EB8331B0543769
                                                                                                                                                                                                    SHA-512:76B2265EC3896CBDB8F05B7B5E470BC39C474016305E2C2385163E9894E265D8A6604E880F819587C5719E1F9063244218A242737DD902EC6617DF0010132E9C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....|............" ..0..p............... ........... ..............................._....`.................................9...O....................x...#..........d...8............................................ ............... ..H............text....n... ...p.................. ..`.rsrc................r..............@..@.reloc...............v..............@..B................m.......H........;...M..............@............................................(....*F.~....(....tP...*6.~.....(....*F.~....(....tP...*6.~.....(....*F.~....(....tP...*6.~.....(....*6.t.....}....*..{....-%..(.....(......(......s....(....}.....{....*..0..........r...p.P...(.........(............s....s....(.........r1..p.P...(.........(............s....s....(.........rO..p.P...(.........(............s....s....(.........**.(.......*..{....*"..}....*&(.......*..{....*"..}....*..0......

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.Wpf.xml

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with very long lines (361), with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):73847
                                                                                                                                                                                                    Entropy (8bit):4.693543823168815
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:xxpyIP0mLC4uyD/D4yDC4dryG1fPfyl8h/PbxPOZIaPka4PL1uhui1bKnOCfIPr1:xxpyIP0mLC4uyD/D4yDC4dryG1fPfylB
                                                                                                                                                                                                    MD5:5C6A3A21E42E46AA58DAE2714735D751
                                                                                                                                                                                                    SHA1:EB69BA187ECB40538338CECEB65718D536998046
                                                                                                                                                                                                    SHA-256:B06E9083133388501484CAD2CA6EEDCA452184DC6BF9321316835D45C93682C0
                                                                                                                                                                                                    SHA-512:686B707E895AD2380D7FABF4DCD446DC34EBBA4407C501B888B378B40FBEA1BCE75825B0D5C9C8D0979856E49F43ABB14DBA8F5B23B8EAE044E615A4AD88156F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Microsoft.Web.WebView2.Wpf</name>.. </assembly>.. <members>.. <member name="T:Microsoft.Web.WebView2.Wpf.CoreWebView2CreationProperties">.. <summary>.. This class is a bundle of the most common parameters used to create a <see cref="T:Microsoft.Web.WebView2.Core.CoreWebView2Environment"/>... Its main purpose is to be set to <see cref="P:Microsoft.Web.WebView2.Wpf.WebView2.CreationProperties"/> in order to customize the environment used by a <see cref="T:Microsoft.Web.WebView2.Wpf.WebView2"/> during implicit initialization... It is also a nice WPF integration utility which allows commonly used environment parameters to be dependency properties and be created and used in markup... </summary>.. <remarks>.. This class isn't intended to contain all possible environment customization options... If you need complete control over the e

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\Newtonsoft.Json.dll

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):700336
                                                                                                                                                                                                    Entropy (8bit):5.9289057284451445
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12288:Lf9WGsSVSM2mxL2nRiOr8gUckc6V/g2GhBzj05cH:7XNL2PVh6B+Bzjmc
                                                                                                                                                                                                    MD5:6815034209687816D8CF401877EC8133
                                                                                                                                                                                                    SHA1:1248142EB45EED3BEB0D9A2D3B8BED5FE2569B10
                                                                                                                                                                                                    SHA-256:7F912B28A07C226E0BE3ACFB2F57F050538ABA0100FA1F0BF2C39F1A1F1DA814
                                                                                                                                                                                                    SHA-512:3398094CE429AB5DCDECF2AD04803230669BB4ACCAEF7083992E9B87AFAC55841BA8DEF2A5168358BD17E60799E55D076B0E5CA44C86B9E6C91150D3DC37C721
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0................. ........... ..............................f*....`.....................................O.......................................T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........z..<&..................<.........................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X.+....b...aX...X...2.....cY.....cY....cY...{...._..{........+,..{[....3...{Z......(....,...{Z...*..{\.......-..*...0...........-.r...ps....z.o......-.~....*.~....X...+....b..

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\Newtonsoft.Json.xml

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):707721
                                                                                                                                                                                                    Entropy (8bit):4.633098680643138
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6144:XqqUmk/RikFaG0rH3jGHdl0/IBHNpgVIeR0R+CRFo9TA82m5Kj+sJjoqoyO185QA:DUn
                                                                                                                                                                                                    MD5:AD1A946CDBE4FC83907CF558FB80A37F
                                                                                                                                                                                                    SHA1:9B6AB559CCCCE89E989259E356C55BE6E370F1DB
                                                                                                                                                                                                    SHA-256:E3C9CB0CBF4B3BE20B6030F3A4872EDD81E042048D2D19732EAC3EEB9779DC0B
                                                                                                                                                                                                    SHA-512:3BBBD262F3FC669BB0709963788CCCA67E17FE28828FF72CA32F1D6D410A3CF76950D126FEB39F204163EB5B43B07F54BC1DD4DF7F4132933DBB61C054E9C1E0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Newtonsoft.Json</name>.. </assembly>.. <members>.. <member name="T:Newtonsoft.Json.Bson.BsonObjectId">.. <summary>.. Represents a BSON Oid (object id)... </summary>.. </member>.. <member name="P:Newtonsoft.Json.Bson.BsonObjectId.Value">.. <summary>.. Gets or sets the value of the Oid... </summary>.. <value>The value of the Oid.</value>.. </member>.. <member name="M:Newtonsoft.Json.Bson.BsonObjectId.#ctor(System.Byte[])">.. <summary>.. Initializes a new instance of the <see cref="T:Newtonsoft.Json.Bson.BsonObjectId"/> class... </summary>.. <param name="value">The Oid value.</param>.. </member>.. <member name="T:Newtonsoft.Json.Bson.BsonReader">.. <summary>.. Represents a reader that provides fast, non-cached, forward-only access to s

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\System.Buffers.dll

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):20856
                                                                                                                                                                                                    Entropy (8bit):6.425485073687783
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:/rMdp9yXOfPfAxR5zwWvYW8a2cyHRN7vCvlbLg:/rMcXP6N6e
                                                                                                                                                                                                    MD5:ECDFE8EDE869D2CCC6BF99981EA96400
                                                                                                                                                                                                    SHA1:2F410A0396BC148ED533AD49B6415FB58DD4D641
                                                                                                                                                                                                    SHA-256:ACCCCFBE45D9F08FFEED9916E37B33E98C65BE012CFFF6E7FA7B67210CE1FEFB
                                                                                                                                                                                                    SHA-512:5FC7FEE5C25CB2EEE19737068968E00A00961C257271B420F594E5A0DA0559502D04EE6BA2D8D2AAD77F3769622F6743A5EE8DAE23F8F993F33FB09ED8DB2741
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0..$..........BC... ...`....... ....................................@..................................B..O....`..@...............x#...........A............................................... ............... ..H............text...H#... ...$.................. ..`.rsrc...@....`.......&..............@..@.reloc...............,..............@..B................$C......H........'...............?..X...8A......................................j~....%-.&(....s....%.....*..*...0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*.~....*2r...p.(....*B.....(.........*R.....(...+%-.&(!...*^.....("....(...+&~....*.s$...*"..s%...*..(&...*.*....0......................

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\System.Buffers.xml

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (727), with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3481
                                                                                                                                                                                                    Entropy (8bit):4.808701688265429
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:1Sm9iVH4cK4bSrh4st9Y9TS7AilqqZw37EeKB+ZPZk:1Sm9iecnWrue8ildZw3QD+ZPZk
                                                                                                                                                                                                    MD5:1C55860DD93297A6EA2FAD2974834C3A
                                                                                                                                                                                                    SHA1:7F4069341C6B62ECFC999A6C2D8A2D5FB59D44F6
                                                                                                                                                                                                    SHA-256:2EC7FB12E11F9831E40524427F6D88A3C9FFDD56CCFA81D373467B75B479A578
                                                                                                                                                                                                    SHA-512:37FA5D4553CA3165F10E2FFEF38FEFC0DBA4A2DBFA05AB9F09AB87B5F71F30E6D965D2F833F58B50B3BC2529EBE8FB5CC431C264F7B47AD026F5C5A874A6ADA1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.<?xml version="1.0" encoding="utf-8"?><doc>.. <assembly>.. <name>System.Buffers</name>.. </assembly>.. <members>.. <member name="T:System.Buffers.ArrayPool`1">.. <summary>Provides a resource pool that enables reusing instances of type <see cref="T[]"></see>.</summary>.. <typeparam name="T">The type of the objects that are in the resource pool.</typeparam>.. </member>.. <member name="M:System.Buffers.ArrayPool`1.#ctor">.. <summary>Initializes a new instance of the <see cref="T:System.Buffers.ArrayPool`1"></see> class.</summary>.. </member>.. <member name="M:System.Buffers.ArrayPool`1.Create">.. <summary>Creates a new instance of the <see cref="T:System.Buffers.ArrayPool`1"></see> class.</summary>.. <returns>A new instance of the <see cref="System.Buffers.ArrayPool`1"></see> class.</returns>.. </member>.. <member name="M:System.Buffers.ArrayPool`1.Create(System.Int32,System.Int32)">.. <summary>Creates a new instance of the <see

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\System.Memory.dll

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):141184
                                                                                                                                                                                                    Entropy (8bit):6.115495759785268
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:IUGrszKKLBFa9DvrJGeesIf3afNs2AldfI:jBFd3/aFs2
                                                                                                                                                                                                    MD5:6FB95A357A3F7E88ADE5C1629E2801F8
                                                                                                                                                                                                    SHA1:19BF79600B716523B5317B9A7B68760AE5D55741
                                                                                                                                                                                                    SHA-256:8E76318E8B06692ABF7DAB1169D27D15557F7F0A34D36AF6463EFF0FE21213C7
                                                                                                                                                                                                    SHA-512:293D8C709BC68D2C980A0DF423741CE06D05FF757077E63986D34CB6459F9623A024D12EF35A280F50D3D516D98ABE193213B9CA71BFDE2A9FE8753B1A6DE2F0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0.................. ... ....... .......................`............@.................................X...O.... ..0................#...@...... ................................................ ............... ..H............text........ ...................... ..`.rsrc...0.... ......................@..@.reloc.......@......................@..B........................H........,................................................................('...*>..}......}....*..{....*..{....*..{.....{....3..{.....{....((...*.*..0...........%.u....,..........(....*.*z.{....%-.&.+.o)....{....(a...*..(....zN........o*...s+...*.(....z.s,...*..(....zF(U....(O...s-...*.(....z.(V...s-...*.(....z.s....*.(....z.s/...*..(....zN........o*...s0...*.(....zrr...p(\....c.K...(O...s1...*.(....zBr...p(Y...s1...*.(....z.s2...*.(....z.(X...s3...*.(!...z.(_...s3...*.(#...z

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\System.Memory.xml

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):13950
                                                                                                                                                                                                    Entropy (8bit):4.749162715500682
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:19SSrAVfjSE0wxiMiLiLiXdCjticiciAiJiziPNjNei5i9zhi+ipOUTJ:1gbXKKXppPmcPi6LmJ
                                                                                                                                                                                                    MD5:ADD19745A43B2515280CE24671863114
                                                                                                                                                                                                    SHA1:CF44E6557FDE93288FF2567A002A69279965CABA
                                                                                                                                                                                                    SHA-256:D5714C96607EB1A9D0F90F57CA194D8A9C3EDE0656A1D1F461E78B209F054813
                                                                                                                                                                                                    SHA-512:8D7E564FA61411B5C28F29B07855DD112687EDCB39B991803C7C7DE67B6894B309102AC9B52409B56B7BB5C9101EB4CDFB21FCFBF5D835E4A153E188CB97CC87
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.<?xml version="1.0" encoding="utf-8"?><doc>.. <assembly>.. <name>System.Memory</name>.. </assembly>.. <members>.. <member name="T:System.Span`1">.. <typeparam name="T"></typeparam>.. </member>.. <member name="M:System.Span`1.#ctor(`0[])">.. <param name="array"></param>.. </member>.. <member name="M:System.Span`1.#ctor(System.Void*,System.Int32)">.. <param name="pointer"></param>.. <param name="length"></param>.. </member>.. <member name="M:System.Span`1.#ctor(`0[],System.Int32)">.. <param name="array"></param>.. <param name="start"></param>.. </member>.. <member name="M:System.Span`1.#ctor(`0[],System.Int32,System.Int32)">.. <param name="array"></param>.. <param name="start"></param>.. <param name="length"></param>.. </member>.. <member name="M:System.Span`1.Clear">.. .. </member>.. <member name="M:System.Span`1.CopyTo(System.Span{`0})">.. <param name="destination"></param>.. </mem

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\System.Numerics.Vectors.dll

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):115856
                                                                                                                                                                                                    Entropy (8bit):5.631610124521223
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:nPOw0SUUKw+GbgjMV+fCY1UiiGZ6qetMXIAMZ2zstK/hV+sUwS:nWw0SUUKBM8aOUiiGw7qa9tK/bJS
                                                                                                                                                                                                    MD5:AAA2CBF14E06E9D3586D8A4ED455DB33
                                                                                                                                                                                                    SHA1:3D216458740AD5CB05BC5F7C3491CDE44A1E5DF0
                                                                                                                                                                                                    SHA-256:1D3EF8698281E7CF7371D1554AFEF5872B39F96C26DA772210A33DA041BA1183
                                                                                                                                                                                                    SHA-512:0B14A039CA67982794A2BB69974EF04A7FBEE3686D7364F8F4DB70EA6259D29640CBB83D5B544D92FA1D3676C7619CD580FF45671A2BB4753ED8B383597C6DA8
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?.Z.........." ..0..v............... ........... ..............................DF....@.................................f...O........................>.......................................................... ............... ..H............text....u... ...v.................. ..`.rsrc................x..............@..@.reloc..............................@..B........................H........Q..|?..........$... ...D.........................................(....*&.l(....k*&.l(....k*..l.l(....k*..l.l(....k*&.l(....k*&.l(....k*&.l(....k*j~....%-.&(....s....%.....*..*.0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*.~....*2r...p.(....*2rG..p.(....*2r...p.(....*2r...p.(.

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\System.Numerics.Vectors.xml

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):183484
                                                                                                                                                                                                    Entropy (8bit):4.7848212109760935
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:azQgQfMzpKGPqMGFY3lF8YzA2HrYJtJZJ9JaGf4AscoqrbuC4BqaiaIacasa7c1E:azafMDl4LfX3MIg+QDB
                                                                                                                                                                                                    MD5:95DD29CA17B63843AD787D3BC9C8C933
                                                                                                                                                                                                    SHA1:1A937009A92B034EDB168CFAC0EC1C353BE8F58E
                                                                                                                                                                                                    SHA-256:AE2C3DE9AD57D7091D9F44DCDEE3F88ECCF2BA7CB43ADC9BB24769154A532DC7
                                                                                                                                                                                                    SHA-512:8E9397816D3435CCF79F1BF07B482473A7DD3B570BCE003639F2E9FA1C5FE31C4B9400B68F191A36251A59C0253EF9E09039FDD63BA2205D379B3C582E603499
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.<?xml version="1.0" encoding="utf-8"?><doc>.. <assembly>.. <name>System.Numerics.Vectors</name>.. </assembly>.. <members>.. <member name="T:System.Numerics.Matrix3x2">.. <summary>Represents a 3x2 matrix.</summary>.. </member>.. <member name="M:System.Numerics.Matrix3x2.#ctor(System.Single,System.Single,System.Single,System.Single,System.Single,System.Single)">.. <summary>Creates a 3x2 matrix from the specified components.</summary>.. <param name="m11">The value to assign to the first element in the first row.</param>.. <param name="m12">The value to assign to the second element in the first row.</param>.. <param name="m21">The value to assign to the first element in the second row.</param>.. <param name="m22">The value to assign to the second element in the second row.</param>.. <param name="m31">The value to assign to the first element in the third row.</param>.. <param name="m32">The value to assign to the second element in th

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\System.Runtime.CompilerServices.Unsafe.dll

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):18024
                                                                                                                                                                                                    Entropy (8bit):6.343772893394079
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:EybU8ndrbbT9NWB2WL/uPHRN7bhlsQVryo:Ey5ndvWbMPVryo
                                                                                                                                                                                                    MD5:C610E828B54001574D86DD2ED730E392
                                                                                                                                                                                                    SHA1:180A7BAAFBC820A838BBACA434032D9D33CCEEBE
                                                                                                                                                                                                    SHA-256:37768488E8EF45729BC7D9A2677633C6450042975BB96516E186DA6CB9CD0DCF
                                                                                                                                                                                                    SHA-512:441610D2B9F841D25494D7C82222D07E1D443B0DA07F0CF735C25EC82F6CCE99A3F3236872AEC38CC4DF779E615D22469666066CCEFED7FE75982EEFADA46396
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Ksa...........!.................6... ...@....@.. ....................................@..................................6..K....@..............."..h$...`.......$............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B.................6......H.......D%..<...................P ......................................_...+.'g.......x2..}}...B.O....T...e..?.M..R"M.~pg..c..LD#..y.....y....:u.v*...#.;.-.h.......0..#.....a5|T%W...].!.%'..9.0...........q....*..0..............q....*...0..............q....*...0.................*.0....................*..0....................*..0............q.........*....0............q.........*....0............*..0..........*....0................*..0...............*...0..............

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\System.Runtime.CompilerServices.Unsafe.xml

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):20529
                                                                                                                                                                                                    Entropy (8bit):4.731043104619016
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:Y/uXukudyvmB0fmkcdZKyQe1EyriJriurs8rsF9vVwFaFDJOeOtOEKFzUxRkj1r:Y/ApEwmafmkcdZbQe1EyriJriurs8rsR
                                                                                                                                                                                                    MD5:C782E92ABBFC0531226F735C6AC56498
                                                                                                                                                                                                    SHA1:2586FDBEB6D1E11D4CECD5B3E8387A18C7B4D350
                                                                                                                                                                                                    SHA-256:39C2D4A63A186D423E9C866F4D3E9A6ACBA0103398F20BAF8B92A38744894215
                                                                                                                                                                                                    SHA-512:A12B6807695C9C626DE9602ABC6DF72BCC5E869A29C7111E956034F321436E7C50EA36ED5EC5B6F93A639AE0F7AEA93953E91AE557BF423A749B036C7252A7B9
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.<?xml version="1.0" encoding="utf-8"?>..<doc>.. <assembly>.. <name>System.Runtime.CompilerServices.Unsafe</name>.. </assembly>.. <members>.. <member name="T:System.Runtime.CompilerServices.Unsafe">.. <summary>Contains generic, low-level functionality for manipulating pointers.</summary>.. </member>.. <member name="M:System.Runtime.CompilerServices.Unsafe.Add``1(``0@,System.Int32)">.. <summary>Adds an element offset to the given reference.</summary>.. <param name="source">The reference to add the offset to.</param>.. <param name="elementOffset">The offset to add.</param>.. <typeparam name="T">The type of reference.</typeparam>.. <returns>A new reference that reflects the addition of offset to pointer.</returns>.. </member>.. <member name="M:System.Runtime.CompilerServices.Unsafe.Add``1(``0@,System.IntPtr)">.. <summary>Adds an element offset to the given reference.</summary>.. <param name="source">The reference to add the of

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\System.Text.Encodings.Web.dll

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):76904
                                                                                                                                                                                                    Entropy (8bit):6.044596523315333
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:HOOuOOOoODVoXY9BnEf8uOxvW8hYEWroNFMRwkTuMd:VDGXmnEUuOx+8KEWrobMRzuq
                                                                                                                                                                                                    MD5:BA1AF3BBFF4D457B6D3F730234C3C701
                                                                                                                                                                                                    SHA1:1B75BC14DAA093502C7C5814852928E28AB6659A
                                                                                                                                                                                                    SHA-256:78EB5B4FEE580E163D1BEA1FDB7D371FDFCFD30ACD8708FF62C4372AAA219F7C
                                                                                                                                                                                                    SHA-512:51895C9B0EDE088B034C581AB4574A36F80E41F2B04186B3C066B6D72DA85680E00EA5E07DC9C89DB7D997C1AD3D9686ACCDC827859EAAB2918376C4C9E469B2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............v.... ... ....... .......................`............`.................................#...O.... ..................h$...@......8...T............................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................W.......H........l..T...........0.................................................('...*..('...*..('...*^.('......7...%...}....*:.('.....}....*:.('.....}....*:.('.....}....*^.('......8...%...}....*:.('.....}....*.0..E........ ...._.b..._X ....Y..e pp.._.d.X ....X.`.....X((.....R...((.....d.R*....0..K........ ...._.b..._X ....Y..e pp.._.d.X ....X.`.....X().... ...._.S...().....d.S*..0..&.........+....(*...G...Z.(......X....(+...2.*...0....................(+.....1...(+....Z.9.....(...+

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\System.Text.Encodings.Web.xml

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (347), with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):62941
                                                                                                                                                                                                    Entropy (8bit):5.113786858273216
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:Yc32SgYGYofQhYLJkiBkN3/Ky7pkG05HaTwoIIMZpq/YbTbBnRE1Cd8PBdl+Y0TE:Y9fJvkNxwoIIMZxE1Cr0Md3wh7te4
                                                                                                                                                                                                    MD5:ACC8AF8D28DC65488D1C49DEFD8EA153
                                                                                                                                                                                                    SHA1:1EECE92A2F2E40DE4AFB43F7A5CAEC9A3B384B87
                                                                                                                                                                                                    SHA-256:0772B7895A1FEA1D3BBEE2ED2F5200EF4F9EB38B22C3D00B5405325BE9D8A7CD
                                                                                                                                                                                                    SHA-512:452669AFF783AC248394838083695BD6CE45CB1B41FC512C7F3C7039D49D9E40C24F51A2255BAE3AC6F2E01388A54EC1F17092566CE808C70F3FC599ADA9734A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.<?xml version="1.0" encoding="utf-8"?>..<doc>.. <assembly>.. <name>System.Text.Encodings.Web</name>.. </assembly>.. <members>.. <member name="T:System.Text.Encodings.Web.HtmlEncoder">.. <summary>Represents an HTML character encoding.</summary>.. </member>.. <member name="M:System.Text.Encodings.Web.HtmlEncoder.#ctor">.. <summary>Initializes a new instance of the <see cref="T:System.Text.Encodings.Web.HtmlEncoder" /> class.</summary>.. </member>.. <member name="M:System.Text.Encodings.Web.HtmlEncoder.Create(System.Text.Encodings.Web.TextEncoderSettings)">.. <summary>Creates a new instance of the HtmlEncoder class with the specified settings.</summary>.. <param name="settings">Settings that control how the <see cref="T:System.Text.Encodings.Web.HtmlEncoder" /> instance encodes, primarily which characters to encode.</param>.. <exception cref="T:System.ArgumentNullException">.. <paramref name="settings" /> is <see langword="null" />.<

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\System.Text.Json.dll

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):513128
                                                                                                                                                                                                    Entropy (8bit):5.971511220770579
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12288:heoAhNgjkMq00CYjhlfKtgYytHVZ8kJ5LXrB+kSo/Y6dHC5tbRktxi/UE:hdAhNgjkMq00CYjhlfKtgYytHVZ8kJV4
                                                                                                                                                                                                    MD5:0894F9DB9EFAF98FF96625A7553806A4
                                                                                                                                                                                                    SHA1:19A983154516BB9542566B80F214AEC4657935DE
                                                                                                                                                                                                    SHA-256:E51AB157565C648CCDF3B003937FE991ABDD1A03E53A7E58BA1F6505097CB082
                                                                                                                                                                                                    SHA-512:27540D1F49D543C961DB74EE35C41575E0BB4AC7BBC1A6FADAAFA7509C819BEEE0DDA525CD3978141327043DDD63378EDA83FD9566DE9623D46847814D195B3F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............B.... ........... ....................... ............`....................................O.......................h$..............T............................................ ............... ..H............text...P.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................!.......H............>...........U...f............................................(H...*..(H...*..(H...*^.(H..........%...}....*:.(H.....}....*:.(H.....}....*:.(H.....}....*....0..E........ ...._.b..._X ....Y..e pp.._.d.X ....X.`.....X(I.....R...(I.....d.R*....0..K........ ...._.b..._X ....Y..e pp.._.d.X ....X.`.....X(J.... ...._.S...(J.....d.S*..0..&.........+....(K...G...Z.(......X....(L...2.*...0..............n.....(L.....1...(L....Z.......(...+.+...(L....Z........sN..............

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\System.Text.Json.xml

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):457799
                                                                                                                                                                                                    Entropy (8bit):4.895083548380783
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6144:rKbxzXvvHMtFJWxEXjqM6xwFHibdBvYJgP4aqKiO6z0GYQYEu:VtFXjqNwFQ
                                                                                                                                                                                                    MD5:48DCE2A80E6612C98E895CCCFFDFDD06
                                                                                                                                                                                                    SHA1:6FC93E474AA32491BCB53A1A9DC1BC1C40B23F3A
                                                                                                                                                                                                    SHA-256:8499B6FFB77447FCB124DBFD0964E92267E14B3796A27FFC62A1B0FF04340575
                                                                                                                                                                                                    SHA-512:17FC851264162A29D3D36F6622A66DCD7CF435CDEE862DF86CDC0976357A126944775C538A5B8A25E9A385CE36C07EA73FE2BE5275EECF3C0F57044C063C2194
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.<?xml version="1.0" encoding="utf-8"?>..<doc>.. <assembly>.. <name>System.Text.Json</name>.. </assembly>.. <members>.. <member name="T:System.Text.Json.JsonCommentHandling">.. <summary>Defines how the <see cref="T:System.Text.Json.Utf8JsonReader" /> struct handles comments.</summary>.. </member>.. <member name="F:System.Text.Json.JsonCommentHandling.Allow">.. <summary>Allows comments within the JSON input and treats them as valid tokens. While reading, the caller can access the comment values.</summary>.. </member>.. <member name="F:System.Text.Json.JsonCommentHandling.Disallow">.. <summary>Doesn't allow comments within the JSON input. Comments are treated as invalid JSON if found, and a <see cref="T:System.Text.Json.JsonException" /> is thrown. This is the default value.</summary>.. </member>.. <member name="F:System.Text.Json.JsonCommentHandling.Skip">.. <summary>Allows comments within the JSON input and ignores them. The <see cref="T

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\System.Threading.Tasks.Extensions.dll

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):25984
                                                                                                                                                                                                    Entropy (8bit):6.291520154015514
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:1R973o62/KqcAnb05J3w0I5eUGef8s72XBWdvVW2JW8aJcyHRN7WEimpplex:1RZ4nNxnYTb6Blha
                                                                                                                                                                                                    MD5:E1E9D7D46E5CD9525C5927DC98D9ECC7
                                                                                                                                                                                                    SHA1:2242627282F9E07E37B274EA36FAC2D3CD9C9110
                                                                                                                                                                                                    SHA-256:4F81FFD0DC7204DB75AFC35EA4291769B07C440592F28894260EEA76626A23C6
                                                                                                                                                                                                    SHA-512:DA7AB8C0100E7D074F0E680B28D241940733860DFBDC5B8C78428B76E807F27E44D1C5EC95EE80C0B5098E8C5D5DA4D48BCE86800164F9734A05035220C3FF11
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0..8...........V... ...`....... ....................................@..................................V..O....`...............B...#..........PU............................................... ............... ..H............text....6... ...8.................. ..`.rsrc........`.......:..............@..@.reloc...............@..............@..B.................V......H........0...$...................T........................................(....*..(....z..(....z2.(....s....*2.(....s....*:........o....*.~....*~.-..(......}......}......}....*~.-..(......}......}......}....*Z..}......}......}....*J.{....%-.&.*o....*^.u....,........(....*.*~.{.....{....3..{.....{......*.*&...(....*2...(.......*....0..'........{......,..u....%-.&..(...+(....*(....*n.{....,..(....s....*.q....*..0..a.........{....o0.....,;..{....o2...(......;...3.~.......s......

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\System.Threading.Tasks.Extensions.xml

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):10147
                                                                                                                                                                                                    Entropy (8bit):4.891178331598223
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:1/elWY3f207pbNcYDLna8MMOOXzHMfHuHoLob+OoMuJkfYSiffiWje0seJme0seM:1/2d207pbNc2na8MMOOXzHMfHQoLob+N
                                                                                                                                                                                                    MD5:C89E735FCF37E76E4C3D7903D2111C04
                                                                                                                                                                                                    SHA1:3C0F1F09C188D8C74B42041004ECE59BBD6F0F56
                                                                                                                                                                                                    SHA-256:975A9555F561B363C3E02FD533F6BF7083AA11BBC7CBF2B46C31DF3D3696B97B
                                                                                                                                                                                                    SHA-512:DEBDD8D0ED2FF6AD7B175ACFEB1681B1A68EEEDD6D717E20E6AC5E0D11C13A1219B4D60F9319939C63BF4B53456328531369F4A9FFF5B201475858310E385007
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.<?xml version="1.0" encoding="utf-8"?><doc>.. <assembly>.. <name>System.Threading.Tasks.Extensions</name>.. </assembly>.. <members>.. <member name="T:System.Runtime.CompilerServices.ValueTaskAwaiter`1">.. <typeparam name="TResult"></typeparam>.. </member>.. <member name="M:System.Runtime.CompilerServices.ValueTaskAwaiter`1.GetResult">.. <returns></returns>.. </member>.. <member name="P:System.Runtime.CompilerServices.ValueTaskAwaiter`1.IsCompleted">.. <returns></returns>.. </member>.. <member name="M:System.Runtime.CompilerServices.ValueTaskAwaiter`1.OnCompleted(System.Action)">.. <param name="continuation"></param>.. </member>.. <member name="M:System.Runtime.CompilerServices.ValueTaskAwaiter`1.UnsafeOnCompleted(System.Action)">.. <param name="continuation"></param>.. </member>.. <member name="T:System.Threading.Tasks.ValueTask`1">.. <summary>Provides a value type that wraps a <see cref="Task{TResult}"></see> and

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\System.ValueTuple.dll

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):25232
                                                                                                                                                                                                    Entropy (8bit):6.672539084038871
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:VyPa16oAL4D+wW9IWmDIW4IWYDMFm0GftpBjMIraQHRN7VlmTpF0:VWs6oqDjADKeDYViG+LN
                                                                                                                                                                                                    MD5:23EE4302E85013A1EB4324C414D561D5
                                                                                                                                                                                                    SHA1:D1664731719E85AAD7A2273685D77FEB0204EC98
                                                                                                                                                                                                    SHA-256:E905D102585B22C6DF04F219AF5CBDBFA7BC165979E9788B62DF6DCC165E10F4
                                                                                                                                                                                                    SHA-512:6B223CE7F580A40A8864A762E3D5CCCF1D34A554847787551E8A5D4D05D7F7A5F116F2DE8A1C793F327A64D23570228C6E3648A541DD52F93D58F8F243591E32
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Antivirus:
                                                                                                                                                                                                    • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                    • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?.Z.........." ..0.............b2... ...@....... ...............................H....@..................................2..O....@...............$...>...`......x1............................................... ............... ..H............text...h.... ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B................B2......H........!..T....................0......................................j~....%-.&(....s....%.....*..*...0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*.~....*2r...p.(....*2r[..p.(....*B.....(.........*.BSJB............v4.0.30319......l...4...#~..........#Strings....t.......#US.@.......

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\System.ValueTuple.xml

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):142
                                                                                                                                                                                                    Entropy (8bit):4.391770241438592
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:vFWWMNHUz6GbC/0tFFNu7WRtLz3hAbS9/FFNrGMH/xtgGM8Xby:TMV06GbSWVVR+SXNffgp8Xby
                                                                                                                                                                                                    MD5:B6E60687AE5DB6D011E21E6993620745
                                                                                                                                                                                                    SHA1:B117C6BBDDC72E7F4B590173992EE17BFDDE4BE1
                                                                                                                                                                                                    SHA-256:C37E163FA76629C196460C7B4D54E95B1A46A4C66AB7B6F3311959C8137DC5F1
                                                                                                                                                                                                    SHA-512:709212B6CB36F57B92A82DEF810F9C075A91B3E6A5FD330DCFB563D94A320783509441347D63BDE97F530C6B10CE6AA769CA11F7FC39ACF1B25D5C8F9DCBB389
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>System.ValueTuple</name>.. </assembly>.. <members>.. </members>..</doc>..

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\Uninstall.exe

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):119808
                                                                                                                                                                                                    Entropy (8bit):6.3234870718793195
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:NWmoWcZQfmGltwBiJWSIrRM7DcVfu7o4r:NWlWcZQfQisDKDcV27t
                                                                                                                                                                                                    MD5:7AE89C6074B7CF3D03081EA6616D873B
                                                                                                                                                                                                    SHA1:7294758911932FF6885521103BAF631ACBDA21BC
                                                                                                                                                                                                    SHA-256:AE326F86AA8BBB88831B0339C820859467EF910DADED5B430DC88DA97D203772
                                                                                                                                                                                                    SHA-512:B33EBAB1F4446CE2E339E1D9C6D781BAEB2104A97FF098DAE384FEDF98FC2FEB752B8231F1D33F0AAFBB757F48DA7BD7D1924FA0F8C2ED7A188A6AD984FB7C21
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...t._S...............2.8...................`....@.....................................................................................D...........................................................................t................................code.../........................... ..`.text...`$...0...&.................. ..`.rdata.......`.......<..............@..@.data...xm.......d...X..............@....rsrc...D...........................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\app.publish\BotMaster.exe

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2941952
                                                                                                                                                                                                    Entropy (8bit):4.368119490757434
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12288:fhx7siRe9fEtTMd+8MIKJEz8Jfy5/uYSuwCV8YB09YnlzQ:fXDkxEtgc8PKuaCVHZl
                                                                                                                                                                                                    MD5:895F3A548FD8FA6FD1355AF6D218DA2C
                                                                                                                                                                                                    SHA1:F45065862543B4834B525AC235672D4B11F67EC9
                                                                                                                                                                                                    SHA-256:14A2312F1485E3B0ACD96127083BCA19DCA2988842DAE4928F7EDFE6CB2B47C4
                                                                                                                                                                                                    SHA-512:55DC3094822C57562C9761DC66B79799B5CFD1829AE81B82AE6AD5ECF545D1E5A11D7B522B182046FB98920D4CEE6E8106DB45ED8BFCF53FBEF6CF8AFE3EC774
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..d.........."...P..2(.........bP(.. ...`(...@.. .......................@-...........`..................................P(.O....`(.p.................... -......N(.............................................. ............... ..H............text...h0(.. ...2(................. ..`.rsrc...p....`(......4(.............@..@.reloc....... -.......,.............@..B................DP(.....H............................G...........................................0............("...(#.........(.....o$....*.....................(%......(&......('......((......()....*N..(....o....(*....*&..(+....*.s,........s-........s.........s/........s0........*....0...........~....o1....+..*.0...........~....o2....+..*.0...........~....o3....+..*.0...........~....o4....+..*.0...........~....o5....+..*.0..<........~.....(6.....,!r...p.....(7...o8...s9............~.....+..*.0......

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\runtimes\win-arm64\native\WebView2Loader.dll

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) Aarch64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):127912
                                                                                                                                                                                                    Entropy (8bit):6.024496413707989
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:FloHrOPzv4t1hmtcGXrGv8QitveGIsWLdgVWTF9EtzeW+CzX3i:FloH67v4tCe42G4gVWT/Et6WTbS
                                                                                                                                                                                                    MD5:0A21E14E0999C7E5AE8A74E6895AD694
                                                                                                                                                                                                    SHA1:F33769B32EF692360875347BFA5050FA69402617
                                                                                                                                                                                                    SHA-256:DAC2C67E5A21BA0A40A1A3ECDC9B7723708F10F5ECAB26F2DDB729C2E27396CA
                                                                                                                                                                                                    SHA-512:218D54CEE7ADC3A1C2578DF7BDEB95766EC97E602E3A381FE8E3DE5E33478FB9ECE71666DD4F1DB2416279F46A34B8BFDA5831930A2251256628162526B4A1E8
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....'b.........." .................M.......................................0......f.....`A........................................i.......[...(............... ........#... ......L..........................(...01..8.......................`....................text...@........................... ..`.rdata.......0......................@..@.data...............................@....pdata.. ...........................@..@.00cfg..............................@..@.tls................................@....rsrc...............................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\runtimes\win-x64\native\WebView2Loader.dll

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):141224
                                                                                                                                                                                                    Entropy (8bit):6.131071018313368
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:JVl3u395AFm23fMZamo5Ha/9V8mgg2esFTGEtBnezYSi1g:lYAFmKyazpa/9JBEtUz7
                                                                                                                                                                                                    MD5:72CC22CBDEE3A60C042D0EACFAC7FED9
                                                                                                                                                                                                    SHA1:CBEFAAEA857FECD3EFC42E983B63F91F0FEF6F96
                                                                                                                                                                                                    SHA-256:184574B9C36B044888644FC1F2B19176E0E76CCC3DDD2F0A5F0D618C88661F86
                                                                                                                                                                                                    SHA-512:CBD49DDD2D9B613B439A5FC7426ABFF32678D358EC91271F50B525FDD382297538EA1C91CA74FF4390CCC8A4C4A2B617B77E318AD1F3042A3B41A4F4DE1AA258
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....'b.........." ..... ..........0D..............................................5h....`A....................................................(....`...................#...p......d...8.......................(....1..8...........`.......(...`....................text...5........ .................. ..`.rdata..|....0.......$..............@..@.data...............................@....pdata..............................@..@.00cfg..(.... ......................@..@.tls.........0......................@....voltbl.>....@.........................._RDATA.......P......................@..@.rsrc........`......................@..@.reloc.......p......................@..B........................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\runtimes\win-x86\native\WebView2Loader.dll

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):110504
                                                                                                                                                                                                    Entropy (8bit):6.4357259807044045
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:UykiJ1Z1K95jvS8BBw/qZqocqQThEt9WSt6MlNMl:zkiHTMBBaNEtUS9lNMl
                                                                                                                                                                                                    MD5:CE8EAE228C99ECD86B3037288691D0B9
                                                                                                                                                                                                    SHA1:E3C45F525BADA976BED38C8A3E9492D6FF2FC9BC
                                                                                                                                                                                                    SHA-256:D493120AFE447E1BFE78B40FD0CEE82549009E39F999DA2F52B565DCDF69E7D5
                                                                                                                                                                                                    SHA-512:848751125F008722B4391DCAF71ECDAEB6456F007B2796D613F2F07B7F176F6697D62D18752DB0675AB70AD1E7C237C0B7655F553820D8309300BFE1B0E54886
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....'b.........."!................@>....................................................@A........................M_......?`..(........................#..........D\.......................Y......`................a..<....]..`....................text............................... ..`.rdata...n.......p..................@..@.data........p.......d..............@....00cfg...............n..............@..@.tls.................p..............@....voltbl.H............r...................rsrc................t..............@..@.reloc...............z..............@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\uninstall.dat

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4617
                                                                                                                                                                                                    Entropy (8bit):5.063666968117584
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:e8lCMzCKDiIQlCLC7JCfCgqCBZCZVZGZRZ+Z5ZyZlZHjZHwZHdZHKZHHZH8ncv0w:LH+aM3QDoL8H1qf0ZdkUYa
                                                                                                                                                                                                    MD5:E5AE2B499F02906D83620661D0FCCECA
                                                                                                                                                                                                    SHA1:EADB379FF8C8130D54CA3B76EBB8DBEE7064D86B
                                                                                                                                                                                                    SHA-256:7F21A33C61C7BA001CDDD9B22D1C2AD08B6265F4848A5C2774A42E7231E956A3
                                                                                                                                                                                                    SHA-512:C71D03B6B6B867DAB561ADD820E601AF58717C00634022A6A7B934F85E06D4062DE50B277943E812B0AE5E6C4CEFEE0EDA9BAE5AADC030622548A188BB6DBA95
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:....Bot Master..5.8....C:\Program Files (x86)\Bot Master\Bot Master\..9...#DF..C:\Program Files (x86)\Bot Master\Bot Master\app.publish\BotMaster.exe..#DF..C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.application..#DF..C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe..#DF..C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe.config..#DF..C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe.manifest..#DF..C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.pdb..#DF..C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.xml..#DF..C:\Program Files (x86)\Bot Master\Bot Master\Languages\English.json..#DF..C:\Program Files (x86)\Bot Master\Bot Master\Languages\Espa.ol.json..#DF..C:\Program Files (x86)\Bot Master\Bot Master\Languages\Fran.ais.json..#DF..C:\Program Files (x86)\Bot Master\Bot Master\Languages\indonesia.json..#DF..C:\Program Files (x86)\Bot Master\Bot Master\Languages\Portugu.s.json..#DF..C:\Program Files (x86)\Bot Master\Bot Master\Microso

                                                                                                                                                                                                    C:\Program Files (x86)\Bot Master\Bot Master\uninstall_l.ifl

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3006
                                                                                                                                                                                                    Entropy (8bit):4.906329518650122
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:KSH5mNWUm8/7UzY8Dmwwn0VYNv7TO4L/kpLlpfX9+XD/Vyx2IBGG+KX2ihd8rdpF:bZhUP/7UURn55Tf/ipX9+XrVmRtX38
                                                                                                                                                                                                    MD5:DC51022CF78C9B519F2058983A773119
                                                                                                                                                                                                    SHA1:56BF6AAE50122301617CDAA7C5002C38FA1571A1
                                                                                                                                                                                                    SHA-256:93E28A5125B4864773F53D1C5F87C1756EFA0C2D60D5C3FD6B34AA920080F568
                                                                                                                                                                                                    SHA-512:DFAC8474BF7724B000A530B76152F75E146AE490D7F3D1F4960247226663EF738C88000A2B3C033BF626348DB4B33D7B26E0202B840052D80FF6C36BB8E089AA
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview://(C) 2006 Forgesoft..//English language file for InstallForge.....[Main]..Title=<appname> Setup....[Gadgets]..NextBtn = Next >..CancelBtn = Cancel..BackBtn = < Back..FinishBtn = Finish..BrowseBtn = Browse.....AcceptOptn = I accept the agreement..DoNotAcceptOptn = I do not accept the agreement..CreateDesktopIconCbx = Create desktop icon..CreateStartMenuFolderCbx = Create start menu folder..LaunchProgramCbx = Launch..RebootCbx = Reboot computer now..DestinationFolderFR3 = Destination Folder..SelAppFolder=Select Application Folder:..SelStartMenuFolder=Select Start Menu Folder:....[Messages]..ExitSetupH = Exit Setup..ExitSetup = Do you want to abort the installation?..CouldNotExtractFileH = Error..CouldNotExtractFile = Could not extract file!....[Start]..Title = Welcome to the <appname> Setup Wizard..Text = This will install <appname> <appversion> on your computer. It is recommended that you close all other applications before continuing. Click Next to continue.....[LicenceAgreement]..Hea

                                                                                                                                                                                                    C:\ProgramData\Microsoft\Network\Downloader\edb.log

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1310720
                                                                                                                                                                                                    Entropy (8bit):1.307337024576366
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvrH:KooCEYhgYEL0In
                                                                                                                                                                                                    MD5:BDF71D7BF5138654D52267051D9CF764
                                                                                                                                                                                                    SHA1:50F91D188AA1B894A892CFFA4269712546739AA1
                                                                                                                                                                                                    SHA-256:1B77415B3A5894212583A5AF922D5ED79492690BF3F0B9EB7087B0ED37E860BB
                                                                                                                                                                                                    SHA-512:4BE880F9F34B26C21E81E3ED10094C06DD89BA1EBE03AA2B3CDF352A0D2A8470B0B44B446CAFB803AF9F95466B646BD50B67C4C8E1D883826409DE52952FB7EC
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:z3..........@..@.;...{..................<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@..........................................#.................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                    File Type:Extensible storage engine DataBase, version 0x620, checksum 0x3bee8421, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1310720
                                                                                                                                                                                                    Entropy (8bit):0.4221067874410847
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:5SB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:5aza/vMUM2Uvz7DO
                                                                                                                                                                                                    MD5:2C531EFE947B76FFD9312D2F8B67BC36
                                                                                                                                                                                                    SHA1:4B6E2752EB5F414940C0994B25C1B055E6C0BB51
                                                                                                                                                                                                    SHA-256:D888786C2F3848AF1A2E3232AAAABB92285961A426CF5CC7DD26A1D48E515778
                                                                                                                                                                                                    SHA-512:913E5665820E4D1E31BA2ABF245E4954CB563362F50B2EA2D0DF7E8E5CE636ADD8C35039B01E52154CEA8DC42A2BE16DCB20D3BB19029B24A21EFFCAC3DE193B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:;.!... .......A.......X\...;...{......................0.!..........{A......|!.h.#.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ........;...{...............................................................................................................................................................................................2...{...........................................|....................%.....|!..........................#......h.#.....................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16384
                                                                                                                                                                                                    Entropy (8bit):0.07556428250951303
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:h6YeSezqlvjn13a/4evLxltallcVO/lnlZMxZNQl:h6zilv53qFv4Oewk
                                                                                                                                                                                                    MD5:57C4F866974DCC4E295B1A7A3BF9B231
                                                                                                                                                                                                    SHA1:6A125D6E4B91B604C45121FF664638AF14CE91B6
                                                                                                                                                                                                    SHA-256:4A6C858498979F2B4F4957A7F00E995AB8E821F6A0AE2250A3913703BFCA9487
                                                                                                                                                                                                    SHA-512:472650D752DC7B4585DC238D769C660D5A64E388A079AC10E988BE0BABB0BFE6EE752C8022672E0AF0FCBFFE2018699928F8A053BAE3056201F3659AE715362B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.?'.....................................;...{.......|!......{A..............{A......{A..........{A]..................%.....|!.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.log

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe
                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):927
                                                                                                                                                                                                    Entropy (8bit):5.364163817184007
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:ML9E4KlKDE4KhKiKhRAE4KzeRE4KoE4Tye:MxHKlYHKh3oRAHKzeRHKoHx
                                                                                                                                                                                                    MD5:A870F03168B188356C8FBC8D502E6A89
                                                                                                                                                                                                    SHA1:ABC920842CA8668B032F51C022FB73469D6629A2
                                                                                                                                                                                                    SHA-256:FD4C5A3EF3E80437E613914B88BFDC209997AF75A071DADB12C231E798DDB387
                                                                                                                                                                                                    SHA-512:2B2C56CC8307A680A6ACDA13267D94D5550FD6263C36DEC324A5F6DEA3606969DFE6C416F3D624DAAE30D8EFB709576FA3F81485725800196564CF59AF5348D9
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Net.Http, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\bb5812ab3cec92427da8c5c696e5f731\System.Net.Http.ni.dll",0..

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\WinUpdate.exe.log

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\WinUpdate.exe
                                                                                                                                                                                                    File Type:CSV text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):621
                                                                                                                                                                                                    Entropy (8bit):5.345265452111628
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhayoDLI4MWuPrePEniv:ML9E4KlKDE4KhKiKhRAE4KzeR
                                                                                                                                                                                                    MD5:9A0010B54E25DD22EC1D9FA3EA1AE6C2
                                                                                                                                                                                                    SHA1:830D8D4D0BD0544B1F25ECF4303C40479CF677C0
                                                                                                                                                                                                    SHA-256:B3D9F4BEFE0FF83AEC0AA7CCFB542E0B9CED36756FBA1BA863606969F3360F56
                                                                                                                                                                                                    SHA-512:6DEBC5BFC689C19AD8B72264FDD3710C93A2C2E5344E8024502B2D3E7554BC80381CE2A7BB4D560EB8F3E5E0C73195D07839651FE8CEA6E27F9A2674ABFF6691
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\XClient.exe.log

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Roaming\XClient.exe
                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                    Size (bytes):311
                                                                                                                                                                                                    Entropy (8bit):5.347482639021185
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:Q3La/xwchA2DLIP12MUAvvr3tDLIP12MUAvvR+uTL2ql2ABgTv:Q3La/hhpDLI4M9tDLI4MWuPTAv
                                                                                                                                                                                                    MD5:1AC8524D3800CDD5A91A864BCD4C3AB5
                                                                                                                                                                                                    SHA1:D003AEE44AC954938CE83E4A80412E04F726EA83
                                                                                                                                                                                                    SHA-256:8652A0399D65C2D111841F66EF2E930CDB8291CC8203252D59FD4921FF336C02
                                                                                                                                                                                                    SHA-512:9F28B59B99D0BC1EB60D29BE54CE2DAAC7D9B5D895311169578383C19A46CCF7CDE498EB6D7F172CF7D1D11E5B16665DF989CD8EEC527282BE3B796CD08C7DAC
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2278
                                                                                                                                                                                                    Entropy (8bit):3.853758728823711
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:uiTrlKxrgxzpxl9Il8ueQB6FpF3/Mlugsld1rc:modYvB+pFPMlubu
                                                                                                                                                                                                    MD5:BFDC6B8B58F01C8307C5FDE45111FE84
                                                                                                                                                                                                    SHA1:8CAB704C2328BDD62146B7978612FFA72D85B792
                                                                                                                                                                                                    SHA-256:3E8FBA11E3953B182C17EE81481FC84C69129240A6C87B5411084D80DF582C4A
                                                                                                                                                                                                    SHA-512:6E2D921F9CB032D635B110E6FC7FD881BF46A355AC73A6A453383C7FDC0B2DBAAAF66E1FE1D9D78441F8ABAAE05A118506DB23485A153AB780BDD5CAE4F2FC89
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.D.o./.x.B.B.z.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.Y.H.j.I.C.2.

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2232
                                                                                                                                                                                                    Entropy (8bit):5.379427857998973
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:FWSU4xc4RTmaoUeW+gZ9tK8NPZHUxL7u1iMugei/ZPUyus:FLHxcIalLgZ2KRHWLOugss
                                                                                                                                                                                                    MD5:53FC94E7BB6CC6B136A4F0747ED3570A
                                                                                                                                                                                                    SHA1:D3CE41C5615B80897F8744A1AF7980DDF940A3F3
                                                                                                                                                                                                    SHA-256:BA69B3EC9FB6A7A4F4FB616BA8A75FE727B9A84DE4EF55F44566E067E9F60F9D
                                                                                                                                                                                                    SHA-512:F2DABACADAE49D4F93E7F1A08B73F21F003E02BF01F50F729C72AD866FEC4D52C4A829F83B988C704E019C7528335FEE8F7F0E7B450FE8E341BB15C4EDDD39D5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:@...e................................................@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.ConfigurationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.4.................%...K... ...........System.Xml..<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.H................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\4ad3e0b3-5c3a-4efc-9ee2-7d7fb75be9fc.tmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:PNG image data, 560 x 315, 8-bit colormap, non-interlaced
                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                    Size (bytes):16259
                                                                                                                                                                                                    Entropy (8bit):7.968675746259537
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:SsAikOggeC536WiWxFu1WwOzEiraismFb:STik1gv16WnxFsWwdirVFb
                                                                                                                                                                                                    MD5:0C6EC69B054FDEB31CF3E5E10290FD8E
                                                                                                                                                                                                    SHA1:5B2D2EF0E3B5824ADDCC34D642769F5F14671411
                                                                                                                                                                                                    SHA-256:D980AB372658F4C7C8F07D730EF6DC67E3FB3471F37928274F915C0308850994
                                                                                                                                                                                                    SHA-512:61947EEFDEFDC94654991E00DE1045CA1E781B69FE1C7305614735926E256F007368F3E904207C8612E03D09E904E03B2A69A4CB297672A49952B2DDA5459CA1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.PNG........IHDR...0...;.......K....$zTXtCreator....sL.OJUpL+I-RpMKKM.)..Az..jz......pHYs.........O%......PLTE...222..~.....................111...3339;?....% ...344<>B;=A./0......78<......000OPRwwwtyzggi;;<CEG......]^a...him%&'.....................')+.......#............~~....555.........>>>SSS...ABE.........888...*+.FGK...eeg..._`c......??C.....abe...W..XY\...............???UVZPQU...LMQ............[[^.. JKNu{|559...mnq..........klo........~.........stv... !#...TUW...||}......ppt..........*'.............."#&.........................ist......{......b[QTWkxy.....::=........................^ij.......................ITUw........,67!-.0;<bno...Yde...&12...a..^........ ..P[\.&'............T`a.....DNOn|}6FG......;........>JKL.....~..6ABb..C.....+........=.~?QS......m....[.....C.p.....3..YR........}_.nN.]J...)%~.......v..6rk.....B.U5.Ij........2~2..[..,..;.IDATx...O....!.3........V\_..j.s..).....8.(8g..B..J...T....R.........V..t..f.(.Nr$....T.R$....'/....RJBx>~.."c

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe
                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3178277
                                                                                                                                                                                                    Entropy (8bit):7.914678146803296
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:98304:va5GYryGYrMtWBJHU74Z9wqKOButZoGza:S5HGH8ob9wrZ7oGza
                                                                                                                                                                                                    MD5:C9C01FDC7D3AD84CEEB43C6B099A8AD5
                                                                                                                                                                                                    SHA1:2E7A67B2DD1A9BB2AD530A76868EC1636612C294
                                                                                                                                                                                                    SHA-256:F811DADCD0EC744B5927F4EB6B100BBEC8C6F03C13218BDDE25FA0F8A8FED056
                                                                                                                                                                                                    SHA-512:B58BE960EF3219FB0E9BA3A533DD1B26861EB7300526FBD3761EE21CFBFA77B86AC969FFF6EAAAF97B8B573AE684113E3DEB39A8C4A85C6CD7EA4F67A8386836
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...tN.W...............2.....................0....@..........................@..........................................................@h...........................................................................................................code............................... ..`.text...,........................... ..`.rdata...T...0...V..................@..@.data....3....... ...n..............@....rsrc...@h.......j..................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\IF{98A5518D-9C09-4147-BBFE-CE71AD0FBF52}\Desktop.dat

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):75
                                                                                                                                                                                                    Entropy (8bit):4.197209073300621
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:YWi14jZY6xA4vXyU4jZY6E:YWicZY69XsZY6E
                                                                                                                                                                                                    MD5:F97AF9F76317A164E194D2ADB9A79F4A
                                                                                                                                                                                                    SHA1:A793EF80CA4620916FB0FF938A61C087E0794B75
                                                                                                                                                                                                    SHA-256:E96B37868F42BE735C6D9CD8FE937C154E3D93DC43A653DBCD1200937B6C1918
                                                                                                                                                                                                    SHA-512:268D1CD05527D178C9A5B51EEB1AEC4C2837823A088915D05B40A140791367ED569DACD222C901617CACC2B8E81DC4A988E1D512162BBDF415C660A91D5FE30E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:<installpath>\BotMaster.exe..Bot Master....<installpath>\BotMaster.exe..0..

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\IF{98A5518D-9C09-4147-BBFE-CE71AD0FBF52}\Image_Left.jpg

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:PC bitmap, Windows 3.x format, 164 x 314 x 8, image size 51496, cbSize 52574, bits offset 1078
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):52574
                                                                                                                                                                                                    Entropy (8bit):3.0903761385512687
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:4BEdMSd1XtGxVej7fSXgWuZThHUfL1y80X/NisaihUzgsQYEq82FMoXZXzJzyoVw:xC01XtGSDr6puPnhicedJAGo9xScd7
                                                                                                                                                                                                    MD5:D4C6925A72BB9F71A5A9BC8FE2022F9B
                                                                                                                                                                                                    SHA1:AF89965F896BD744A8DB922DEE58BE9248603B6D
                                                                                                                                                                                                    SHA-256:C5D0EA0D4E4CCA82C72045AE40D0FFB68C6E9DE6304C3DFAA17D99FAB03E47E5
                                                                                                                                                                                                    SHA-512:303FC0D8FFACD8B4179112CF5B1143840826E629FF3583BBFC21ACE940D4468057E0472246C855118967A16A2CE5067D884DD31CEE24B7A489B6E82E1BD70ED2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:BM^.......6...(.......:...........(.......................3...f................3..33..f3...3...3...3...f..3f..ff...f...f...f......3...f..................3...f...................3...f.................3.3.3.f.3...3...3...3..33.333.f33..33..33..33..f3.3f3.ff3..f3..f3..f3...3.3.3.f.3...3..3...3...3.3.3.f.3...3...3...3...3.3.3.f.3...3...3...3...f.3.f.f.f...f...f...f..3f.33f.f3f..3f..3f..3f..ff.3ff.fff..ff..ff..ff...f.3.f.f.f...f..f...f...f.3.f.f.f...f...f...f...f.3.f.f.f...f...f...f.........3...f................3..33..f3...3...3...3...f..3f..ff...f...f...f......3...f.................3..f...............3...f.......................3...f................3..33..f3...3...3...3...f..3f..ff...f...f...f......3...f..................3...f...................3...f...................3...f................3..33..f3...3...3...3...f..3f..ff...f...f...f......3...f..................3...f...................3...f.........................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\IF{98A5518D-9C09-4147-BBFE-CE71AD0FBF52}\Image_Top.jpg

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:PC bitmap, Windows 3.x format, 55 x 55 x 8, image size 3080, cbSize 4158, bits offset 1078
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4158
                                                                                                                                                                                                    Entropy (8bit):5.5650658856515
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:tTvuA1NlwGt6tzZe+6HWjKQR+jtuFWHKiw0zY:lvpt6bAH0zYjtun0E
                                                                                                                                                                                                    MD5:4AE65BA99FB788D962860EC9ED14F2A7
                                                                                                                                                                                                    SHA1:9D89FC4DF5CB45232C4F6B514855DE723D5B4809
                                                                                                                                                                                                    SHA-256:6D118DC765ED52458079F8F588B7E144B02AA8E564F06726AADE9CA7D77EF0A3
                                                                                                                                                                                                    SHA-512:A5D593F69F38E9907628B0AB8ECB7FF79AF0C8A0223B3FAD7D9ED7361FC3F202F16A13280EBC52587E616206E3AEF641E6A0294A7E574321A2CE41BAB9871A9E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:BM>.......6...(...7...7...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................M...F...A...X...=...2...:...`...X...]..B...+l..zj..Rg..[.....|...y...v...}...q..v..z..{...j...f..o..n..j..w..e...[...Q...Z...G..T...y...p...f...;...5...%...,..8..........................u.M.t.E.g.<.Z.2.J.0.R.).>.!.2.'.;.5.2...$.............................'...U.A..~~..yy..{{..zz..ut..rr..uf..on..rr..tt..|z..ml..gg..ff..n

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\IF{98A5518D-9C09-4147-BBFE-CE71AD0FBF52}\OS.dat

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):189
                                                                                                                                                                                                    Entropy (8bit):4.373765379459472
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:jBJUVVVFY31J+1jyf1J1AyF4ovf1Jwfvf1J1AyFzyf1JRiuo31JeFYnvf1JXvo90:jBJU/Vi33+xyf3BKyf3wHf3BByf3Va3L
                                                                                                                                                                                                    MD5:34C275EE1F7992EA61B44D72C8ED6DB5
                                                                                                                                                                                                    SHA1:24FEF4EAE09F8BC04F9AA8916538A0B05D520C61
                                                                                                                                                                                                    SHA-256:8819195120405611C3FCFF1FB1DB3AB0BA10370A5CAD6DA249158327B1A457D3
                                                                                                                                                                                                    SHA-512:FFCFF890C5419E9BBFA02984C28B1E01A6E5E9B38B23DE5C2FDBE8B11E37AFBD9DA7E8B4E525FD5B8D9EF42D48670C69DD63CC1628A7759857772DCB24AA1806
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:Windows 2000 = 1..Windows XP = 1..Windows Server 2003 = 1..Windows Vista = 1..Windows Server 2008 = 1..Windows 7 = 1..Windows 8 = 1..Windows 10 = 1..Windows Server 2016 = 1..NoOSCheck = 0..

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\IF{98A5518D-9C09-4147-BBFE-CE71AD0FBF52}\SC.dat

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):617
                                                                                                                                                                                                    Entropy (8bit):4.979018643483574
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:zoKR7C7RUddIiXRQsthXWSS4s1XFPX/U0XtNmK1MkE/hkCqGmtEU:zoKR7aEe0bpWSShx/xtNH1MkE/hkCXgD
                                                                                                                                                                                                    MD5:0B21A5C4921A2785A5F2CCD2BF87078E
                                                                                                                                                                                                    SHA1:253C557996593926C5FD4C953AA332B82C1588BB
                                                                                                                                                                                                    SHA-256:2598290D1C4B8681A0372D9A3F43700D18181C1242A643FF316A8A1E32B293BF
                                                                                                                                                                                                    SHA-512:95FDE939C67BABD44AAB836B75EEF57483811A13A2F0BEE34DCCBFE94CB035767FE437785B22F3B444776CF22B82DAC737E9836DB253247D5E6A5DB3CFD5CD92
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:[Setup]..Appname = Bot Master..Version = 5.8..Licence = 0..ChangeApplicationFolder = 1..ChangeStartMenuFolder = 0..Desktopicon = 1..Allow_Desktopicons = 1..Allow_StartMenuFolder = 1..label = 1..InstallDir = <programfiles>\<company>\<appname>\..StartMenuFolder = 0..Addition = 2..ProgramRun = <installpath>\BotMaster.exe..ProgramRunArguments = ..Languages = 1..ShortcutFolder = <company>\<appname>\..Uninstaller = 1..UninstallerFilename = Uninstall..Uninstaller_VW = 0..Website = ..serials = 0..Serialcheck = 0..SplashScreen = 0..SPS_Time = 2..Company = Bot Master..TotalSize = 14.1 MB..Website1 = ..SFA = 0..DFA = 0..

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\IF{98A5518D-9C09-4147-BBFE-CE71AD0FBF52}\Setup.cab

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:Microsoft Cabinet archive data, many, 10508 bytes, 7 files, at 0x2c "SC.dat" "Desktop.dat", ID 12345, number 1, 2 datablocks, 0x1 compression
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):10508
                                                                                                                                                                                                    Entropy (8bit):7.9591525913668395
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:lQQNrFWwfoM349aGmRXEjP+wKL1S+wdWgO3LzPYuBUyero:/NAwfJYaGCukLM+wwgO3L0ENero
                                                                                                                                                                                                    MD5:546D45BBBC4F0A01C821ACA07CF3D386
                                                                                                                                                                                                    SHA1:2D31E127034D32A1AF45C3688F86EEE79152C0C2
                                                                                                                                                                                                    SHA-256:5E302CD6842EB6A17A1E6748ADAF886DEDA0FA5EAD37E0372FE22628F3758C6F
                                                                                                                                                                                                    SHA-512:ACB806869C789C07B9D558441BC89EAE205908EF305AF8F877D009BD8A876B66F8893239F7DEB4B51AB4ED4329A7E62AC3A7FE2327EBC98BE746A7B8C2B96D74
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:MSCF.....)......,...............90..........i...............SC.dat.K...i...........Desktop.dat.................OS.dat.....q...........default.ifl.^.../...........Image_Left.jpg.>...............Image_Top.jpg.|...............licence.rtf.N.A:M...CK.\.n.6...eD..V..{..v..M.n......l.l.N....@.K. ...H.'}.....Az......?.H....;m....3.D.....C.?.E........b..G....<...I.-...."..gP.../...&.h6&....g..4....q..U...h.'.'..p.>.f.....U..N...1...=.N...D,o.....q4e_..4.N...S./...Ex.O.Q......E8{..B..?mce..NN&)....9..%.}...q..g...x.:...H..`q.<.f)i=@.._.......|...i.Hu...g.....C...U....~x...2:N&iD.D.I8M.#.c|.._.i.....Q4.%.^.........V.....&?...~......z.]....|../. ...\J.7.../...;w.0...?..C....pa ..a.O.]..|./....w4.....x6...F..O>:..y.......1.SR...t:I..).O(.....N..'...4..@e_L.i....OU.^....4J...Y.6}...%...0.!h....8~.J....6~<.AkX...W-...+c....A..qt.~{A..!..g......J.....i...?..W.p...4.F........?a.>.......O.9.j^...,Q..l|..]...w..|..2..'...B./..K'3..=...L(.....ES0.......S_....{..F...i.O

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\IF{98A5518D-9C09-4147-BBFE-CE71AD0FBF52}\default.ifl

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3006
                                                                                                                                                                                                    Entropy (8bit):4.906329518650122
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:KSH5mNWUm8/7UzY8Dmwwn0VYNv7TO4L/kpLlpfX9+XD/Vyx2IBGG+KX2ihd8rdpF:bZhUP/7UURn55Tf/ipX9+XrVmRtX38
                                                                                                                                                                                                    MD5:DC51022CF78C9B519F2058983A773119
                                                                                                                                                                                                    SHA1:56BF6AAE50122301617CDAA7C5002C38FA1571A1
                                                                                                                                                                                                    SHA-256:93E28A5125B4864773F53D1C5F87C1756EFA0C2D60D5C3FD6B34AA920080F568
                                                                                                                                                                                                    SHA-512:DFAC8474BF7724B000A530B76152F75E146AE490D7F3D1F4960247226663EF738C88000A2B3C033BF626348DB4B33D7B26E0202B840052D80FF6C36BB8E089AA
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview://(C) 2006 Forgesoft..//English language file for InstallForge.....[Main]..Title=<appname> Setup....[Gadgets]..NextBtn = Next >..CancelBtn = Cancel..BackBtn = < Back..FinishBtn = Finish..BrowseBtn = Browse.....AcceptOptn = I accept the agreement..DoNotAcceptOptn = I do not accept the agreement..CreateDesktopIconCbx = Create desktop icon..CreateStartMenuFolderCbx = Create start menu folder..LaunchProgramCbx = Launch..RebootCbx = Reboot computer now..DestinationFolderFR3 = Destination Folder..SelAppFolder=Select Application Folder:..SelStartMenuFolder=Select Start Menu Folder:....[Messages]..ExitSetupH = Exit Setup..ExitSetup = Do you want to abort the installation?..CouldNotExtractFileH = Error..CouldNotExtractFile = Could not extract file!....[Start]..Title = Welcome to the <appname> Setup Wizard..Text = This will install <appname> <appversion> on your computer. It is recommended that you close all other applications before continuing. Click Next to continue.....[LicenceAgreement]..Hea

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\IF{98A5518D-9C09-4147-BBFE-CE71AD0FBF52}\icon.dat

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:MS Windows icon resource - 9 icons, 48x48, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):25214
                                                                                                                                                                                                    Entropy (8bit):5.835474441553232
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:0dAfBqLXaIkeASzZ0oK78hUZZZgYa8IFDAcVraGFIdcTtwbMZ:0dawLXaIkjkqkhUZZZ3DIrd7RibM
                                                                                                                                                                                                    MD5:FA63A0160B9FF05DC70CFBCA82B465B6
                                                                                                                                                                                                    SHA1:0493E1DA3943D27A4A96071F914B9ED01E9C0DAA
                                                                                                                                                                                                    SHA-256:D3A14188ECCD7761CD20CE86237F481A4BCDDFFCD460871BD7B4504F6162D9DA
                                                                                                                                                                                                    SHA-512:496A7610857E77CB6CC6140D82DDCC975C6CFCF63FD3995D2C9A4B6ACCAF150CDB49686867A99EA1441B8D1C70224E95327C326979E22F11ED31838D92C6C699
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:......00......h....... ......................(.......00.............. ......................h...^"..00.... ..%...'.. .... .....nM........ .h....^..(...0...`...........................................................................................................................ww.....................xx.wwp......www..............ww....x...w.......x.......ww.......w................~.......p..............x..................w....x.........p........""'xw...................""""z..................."""'z...........p......."""'............p.......**"'......................"g....................**"x......................"x.....p..............**"x..................~....x....................*..x..................~....x.....p.x.............w..................~....w........................................~....w............p...........x...........p.....~.......................~.......................~......x.........p......~..n...................~.......w.......p.......~nnnnnnngx............

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\IF{98A5518D-9C09-4147-BBFE-CE71AD0FBF52}\licence.rtf

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):124
                                                                                                                                                                                                    Entropy (8bit):4.834602545781737
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:gOz4RJXDVWiFRcz7eVFMALMezbOGU5YB5DVALXA2n:L4VXFRcz6DqWR5JkQ2
                                                                                                                                                                                                    MD5:969D154352C0FAFB84B27B8CAF22D504
                                                                                                                                                                                                    SHA1:1E1C45A31C159DE7824332BBB95134663733F3BF
                                                                                                                                                                                                    SHA-256:CFEEE7E71A82187371519F9A0C232FACF5E82889C2E4AE7BB57532E09A5C30C0
                                                                                                                                                                                                    SHA-512:B38B5759DB705A0808F2A4BFC3135613607B78795A2D216ABDA06DAB0CE1BA8F7D56412B6B5319CB07066CE6E6BD181F940949CBBB99C27DB02C36A7807B6835
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fnil\fcharset0 MS Shell Dlg;}}..\viewkind4\uc1\pard\f0\fs17\par..}...

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_euzn5ly4.z5f.psm1

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_n1pcuabh.00m.ps1

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qau2cjvt.dcj.psm1

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qqxrkmyn.yyh.ps1

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_qx4reff4.hur.psm1

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xu32ej2j.bqy.psm1

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_z2ztgzgg.0pg.ps1

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zjcg31qg.bmv.ps1

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):60
                                                                                                                                                                                                    Entropy (8bit):4.038920595031593
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                    C:\Users\user\AppData\Local\WinUpdate.exe

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe
                                                                                                                                                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3511296
                                                                                                                                                                                                    Entropy (8bit):7.939995431573425
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:49152:rbAa/I9L1n4OjdXalpe85gqWa4CRFaMQRh/7hK+OWp7W+qYp9foZWHyeHxYMp5FN:ga/K1Fa71qrMFO3DgCjqWQZWSmeMTPH
                                                                                                                                                                                                    MD5:F24A4D5B6036A3DE2EBA88868BD771F2
                                                                                                                                                                                                    SHA1:3048D822D2B80D66284D1446052DA0BA2BE27D9E
                                                                                                                                                                                                    SHA-256:2C2F38B6679224281D1F9A0BEE4AC5DB26F845E0D0EB74C0CAA2D994411EE7E2
                                                                                                                                                                                                    SHA-512:17A245A0C5E70982EA5F479319417864E122D3FEBBDF16D310D42B7F9ACB8D7135FDF9C34082CD42858A4B98E696EC02D17B69DEB249E8ED0CDFAB26EC909BFC
                                                                                                                                                                                                    Malicious:true
                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....N.e..................4...........4.. ....5...@.. ........................5......J6...`...................................4.K.....5.......................5...................................................... ............... ..H............text.....4.. ....4................. ..`.rsrc.........5.......4.............@..@.reloc........5.......5.............@..B..................4.....H........q.. I...............@1..........................................(....(....*.*...*....(b...*.0..E....... ........8........E............9...........]...8....... ....8....*..9.... ....~-...{....:....& ....8....8.... ....~-...{....:....& ....8.....(#..... ....~-...{....:....& ....8........E........0...8....s......(.... ....~-...{....:....& ....8.....I...& ....~-...{....9....& ....8........E........8......... ....8..... ....8...............l..7....&~.......*...~....*..0..

                                                                                                                                                                                                    C:\Users\user\AppData\Local\WinUpdate.exe:Zone.Identifier

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe
                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):26
                                                                                                                                                                                                    Entropy (8bit):3.95006375643621
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\02c72bf6-4ea9-4e38-aeef-c6fa91f536d6.tmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):949
                                                                                                                                                                                                    Entropy (8bit):5.6834948680070525
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:YKWJu5rrtI+9nZLyUW83DUH6pBZfaeCUWO4czIbvX0QQRCYfYg:Yqfq6UULIHIB1ZH4czCvZB0
                                                                                                                                                                                                    MD5:5E498BB75009739104901BE011470B60
                                                                                                                                                                                                    SHA1:8AC02790BCEE6BC3237F00770A4754B8F2ACD759
                                                                                                                                                                                                    SHA-256:2E6E8FE1D79C2D35A40FBF69D9E3833AD501362527493BD859844E8D234B4206
                                                                                                                                                                                                    SHA-512:1A70A51CD440479905D5297AB77BE4FF2ADCFEB3E842242CB87461A3BC8507A46EE8A67A407B63163B1945EE26C8F76DBCC227F7736B90B8B28BCE2E6A165485
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABgeMgLbTHqT4ZdtySMAHWvEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAADlzDCh0OPky8yw7bsie0rKFKneHA/kx1kyF7EN3ed+cQAAAAAOgAAAAAIAACAAAABZDcy2+MV59fH/50Y/NbTYCxbv1ErctHXne9S5dCGYTTAAAAAo0dMALsmk9bPktOPAt7Qnm8i5+3YRs3o6oaUyfg/N8kkxL5Gr2eqBwQ/ahjcsFgRAAAAABZn0u/6sLNl/Ewtdq2E3cxyRTMl+UiEpnhu85exQ1p8F3tiHZeLlUgFKxjH/+8sdYfhmQyk01nQ9+OcGqyrVCA=="},"uninstall_metrics":{"installation_date2":"1710088262"},"user_experience_metrics":{"client_id2":"{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}C:\\Users\\user0s:92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A","diagnostics":{"last_data_collection_level_on_launch":1},"low_entropy_source3":3779,"pseudo_low_entropy_source":565,"reset_client_id_deterministic":true,"stability":{"browser_last_live_timestamp":"13354561862731533","stats_buildtime":"1695934310","stats_version":"117.0.2045.47-64","system_crash_count":0}}}

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\35d5fdd0-10d8-4a90-99dc-0d691dfb2833.tmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2052
                                                                                                                                                                                                    Entropy (8bit):5.452508354908
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:YDEFMsFiHC0afq6UULIHgf5nVO3HB+5drxkB1ZH4cvRCTZBG/d2a:PNkC1fq6UU0HgRgBi+LZxJCTZI4a
                                                                                                                                                                                                    MD5:A65F112095FE004695CE8C8C2221B3AD
                                                                                                                                                                                                    SHA1:B1AF96629A5002BA08CD4E87CE1D8811E60D305D
                                                                                                                                                                                                    SHA-256:A7FEB69E0926A9FA54D7C022D48BA875B4EF247440F22CB71ABA7A544F9265AA
                                                                                                                                                                                                    SHA-512:CC1C362BCF554570593B3A918D1A7A449BA45B1AF72F94026295DA516DEB746ED133A771E8C356F6803ADCEFB9ABB780DAA7834BD5FC753020FDC6CED910E3B2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABgeMgLbTHqT4ZdtySMAHWvEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAADlzDCh0OPky8yw7bsie0rKFKneHA/kx1kyF7EN3ed+cQAAAAAOgAAAAAIAACAAAABZDcy2+MV59fH/50Y/NbTYCxbv1ErctHXne9S5dCGYTTAAAAAo0dMALsmk9bPktOPAt7Qnm8i5+3YRs3o6oaUyfg/N8kkxL5Gr2eqBwQ/ahjcsFgRAAAAABZn0u/6sLNl/Ewtdq2E3cxyRTMl+UiEpnhu85exQ1p8F3tiHZeLlUgFKxjH/+8sdYfhmQyk01nQ9+OcGqyrVCA=="},"policy":{"last_statistics_update":"13354561863065213"},"profile":{"info_cache":{},"profile_counts_reported":"13354561863077847","profiles_order":[]},

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\3aea7d6f-1143-4950-ae16-e0ef76dc8dd1.tmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3436
                                                                                                                                                                                                    Entropy (8bit):5.266675819053177
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:PNkGSCvfq6UU0Hg58rh/cIyURoDotomAB7oLZxJCTfX4u:PNBSh6UhHZVoDUO7Q6Z
                                                                                                                                                                                                    MD5:0232B9A667B6AFE5967B1919D5DE6E78
                                                                                                                                                                                                    SHA1:762EE231F32F5D20E13189F5F63F0B4805ADEB29
                                                                                                                                                                                                    SHA-256:A7147953E26D1D39D7131A7EE7FAA2B59C4210EFB08904806DED7F3C906C6111
                                                                                                                                                                                                    SHA-512:EDDC4FE8B740641B1937CDA11B20940F605C0EDDDABFF5DCC105BFC1CE31752CE37E1F23458230F9763CAF37C59BD97EB82465E0846BC7F91D0F1DF3AB152FD2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fre":{"oem_bookmarks_set":true},"hardware_acceleration_mode_previous":true,"is_dsp_recommended":true,"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.710088264565288e+12,"network":1.710088264e+12,"ticks":6381188236.0,"uncertainty":2649480.0}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABgeMgLbTHqT4ZdtySMAHWvEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAADlzDCh0OPky8yw7bsie0rKFKneHA/kx1kyF7EN3ed+cQAAAAAOgAAAAAIAACAAAABZDcy2+MV59fH/50Y/NbTYCxbv1ErctHXne9S5dCGYTTAAAAAo0dMALsmk9bPktOPAt7Qnm8i5+3YRs3o6oaUyfg/N8kkxL5Gr2eqBwQ/ahjcsFgRAAAAABZn0u/6sLNl/Ewtdq2E3cxyRTMl+UiEpnhu85ex

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\4fcdd837-40f4-4c05-97b4-c98fe2cb88a5.tmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16796
                                                                                                                                                                                                    Entropy (8bit):6.070980111840177
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:n8PofZScWax9YzUbCIhmbI34qS3sidzNBS3UhH6iEKWPESEryQ:erfax9YzUOIYbIofsid/hZEKfZ9
                                                                                                                                                                                                    MD5:154CE9C12F8AF4037188BD062890C496
                                                                                                                                                                                                    SHA1:0C0EBC22C7DC3F89588AFFD264B597156703D959
                                                                                                                                                                                                    SHA-256:97D6A92C7B368253E44800B4084F756604F06AF212C5EF898C8E21D6F8AF7EC0
                                                                                                                                                                                                    SHA-512:BEF484F1A82550A7376AB817A93877B8782BF5F9F38425837E8E30DF71DED73A742E9B88DC68D02DF7413B6B253165FB5336AD98D81182167E88C0962E4A60A8
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"domain_actions_config":"H4sIAAAAAAAAAL19a3PktrH2X1HpU5LyQNLe5M355HeziV3Jxi5nU656T6VUIIghIYIAF5eZ4bj83083ONJKOwRmmutzPngtUWzc2Oh+utHd+PXyO1Nb5/i/v/txI51Ttbz886+XfBi0Ejwoa/zln//7P99cDhYeKIm//XppeA+vXb6vG/nv7y6/uQzjgL8P3AXF9c9y0FzIXpoAf9twHfGP30GT8hdZ/V2Fq9cvb9nLNxd/+Pv3Hz/845sLrTp58TcpOvvHi3ets728ur1m1+zl65ffspvrFxf/4mvu1AMZdnt1A3+5vX3z8vK3bx7HM9E+HZGEVz/aTpr5MT0l/ov9pw2Pa/DYQv3s8ZP3cRRv3/6vTP7tW5j8q29fvWK3r47nPv355ub1NXv9+nj6/+djmvsCwFTvtIL+vlcm+PL3OHr3MMBfL70UK9GuIl/xuk6MVzlu4KfLv1nbaHkY2+VvwJ+f33Wytxug/+/LD0o46+06JJa5hLeil+6ON9DZnX1kd2ADbAF+98Dvl3+++e2bS765uRO2luJuLXmITt6JFtbjCdXRJjk8kPVd2isjNPzjEH6MuOa17bmCpi+NDGutdkzYPq3b+SQ+xFpZP1FmNuQj8WG5v9vcvMNJ/HWawzucwuGdoxmLuqfOzujx/W6wXv6k+fiz5PX4dNxeK9MUJvpI/Qv0uFFGPiUONrKwWULZ8x38LNlhtxKpeSUWD3nDkEIupdf8lqmwhHK3VkaFcWnHWx5EC6MXtsSXxSZUAwOQ0IazDTDV0mYq2Pgiug225Fu+ZYIvaaaVuMU28BcbnDVLRyMczMkB/4uWGyP10nZM4KFFllz6fex2cNKD0PKDjosXd9PuFm6pNuq4tFd4nX2KSnTwUYaljfxF+fY7M25b6WRZAM6KpIM0xEcuPXqisWY7PhA8PjkWlkk10MTl9/Dmh/X3ciOSTKaJjgKxAbUpAcQVF+aY/j

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\5b21276f-b251-4b0c-a62d-bc0d5bf0e0c5.tmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3500
                                                                                                                                                                                                    Entropy (8bit):5.254893091453008
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:PNkGSCvfq6UU0Hg58rh/cIyURLl8DotozeB7oLZxJCiso4u:PNBSh6UhHZViDUP7QrJ
                                                                                                                                                                                                    MD5:1C435F64656BAFCA7CF9ACFFD9F8A673
                                                                                                                                                                                                    SHA1:03D2FE1F3C6F108C0DA7CAC271CFF9D2C79E1E0D
                                                                                                                                                                                                    SHA-256:AB8751924453C82D86D7C1FE670AC22BC543C2BF7B62F1110A4F658F38ABC5A0
                                                                                                                                                                                                    SHA-512:795C60F4CACCDA16ADC169DF1122DF985A7442C9A194461326864CE56C51B9FDE7CC0AEEF5C039C259CD91B5795B07B5018B27F6DA7E68C074973B6EFF4B18D4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fre":{"oem_bookmarks_set":true},"hardware_acceleration_mode_previous":true,"is_dsp_recommended":true,"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.710088264565288e+12,"network":1.710088264e+12,"ticks":6381188236.0,"uncertainty":2649480.0}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABgeMgLbTHqT4ZdtySMAHWvEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAADlzDCh0OPky8yw7bsie0rKFKneHA/kx1kyF7EN3ed+cQAAAAAOgAAAAAIAACAAAABZDcy2+MV59fH/50Y/NbTYCxbv1ErctHXne9S5dCGYTTAAAAAo0dMALsmk9bPktOPAt7Qnm8i5+3YRs3o6oaUyfg/N8kkxL5Gr2eqBwQ/ahjcsFgRAAAAABZn0u/6sLNl/Ewtdq2E3cxyRTMl+UiEpnhu85ex

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\943fe13c-a0f3-4bd0-8bee-28fbc2fe60d8.tmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2899
                                                                                                                                                                                                    Entropy (8bit):5.287642189814302
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:YDEFMsFiHGS0afq6UULIHg3p8QSh/cIgwLURMYXylVotoW/5K1DVO+HB+5drxkBz:PNkGS1fq6UU0Hg58rh/cI9URoDotoCuT
                                                                                                                                                                                                    MD5:7CE077916EBF6C87C6F70C124064FB13
                                                                                                                                                                                                    SHA1:541887E7FC8E5FFA6DBB290859F372245CAAE0FE
                                                                                                                                                                                                    SHA-256:E35BC5E107939008E9FC8753056813C3700C9057512B583FE8A2209DE22DA0D8
                                                                                                                                                                                                    SHA-512:423A1B5D368D82D3BD26468B937827ECDBC9520F1F537FE9FAE9EC1F633F52764B44D705E4ED646C1B3BE17E32B01ED7A95E783236885F462F61892F966D68E5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fre":{"oem_bookmarks_set":true},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABgeMgLbTHqT4ZdtySMAHWvEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAADlzDCh0OPky8yw7bsie0rKFKneHA/kx1kyF7EN3ed+cQAAAAAOgAAAAAIAACAAAABZDcy2+MV59fH/50Y/NbTYCxbv1ErctHXne9S5dCGYTTAAAAAo0dMALsmk9bPktOPAt7Qnm8i5+3YRs3o6oaUyfg/N8kkxL5Gr2eqBwQ/ahjcsFgRAAAAABZn0u/6sLNl/Ewtdq2E3cxyRTMl+UiEpnhu85exQ1p8F3tiHZeLlUgFKxjH/+8sdYfhmQyk01nQ9+OcGqyrVCA=="},"policy":{"last_statistics_update":"13354561863065213"},"profile":{"info_cache":{"Default":{"avatar_icon":"chrome://t

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\BrowserMetrics\BrowserMetrics-65EDE046-1B0C.pma

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1310720
                                                                                                                                                                                                    Entropy (8bit):0.3830990029723777
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:6YpM5CZCa+jdbG8F1ZY2zQ1b6zSCsxqQ2hqhnjNT5QYRGO:6fMZ5+hb1ZY2zQM+xqQ2hqJNVQYRG
                                                                                                                                                                                                    MD5:B9438C26BB74685BC7F0C12735CBDE97
                                                                                                                                                                                                    SHA1:6F78BED27366DCA0AC0ECE263503A42C47F7311D
                                                                                                                                                                                                    SHA-256:A0082260720F878B7502597D20EE9BE0EB22F81CA8D46B7A0637ABE20FE342A6
                                                                                                                                                                                                    SHA-512:9C6706CE762AE21BE1120E5572AEE18FDC0CAB011E468A06F0AB7F6E49BB92AA6AF3DD467D723E949F29406523B8CE10C6DD9676AF370F67D43D65AA04AF48A8
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:...@............C.].....@................A..P1..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....;.........117.0.2045.47-64".en-GB*...Windows NT..10.0.190452(..x86_64..?........".hravta20,1...x86_64J....?.^o..P......................>..*......iW:00000000000000000000000000000000000000000000!00000000000000000000000000000000000000000000!BotMaster.exe.!1900/01/01:00:00:00!BotMaster.exe".5.8.0.12...".*.:..............,..(.......EarlyProcessSingleton.......Default3.(..$.......msEdgeEDropUI.......triggered....8..4... ...msDelayLoadAuthenticationManager....triggered....<..8...#...msSleepingTabsShorterTimeoutDefault.....triggered....8..4... ...msEdgeMouseGestureDefaultEnabled....triggered....8..4.......msEdgeShowHomeButtonByDefault.......triggered....<..8...$...msConsumerIEModeToolbarButto

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\BrowserMetrics\BrowserMetrics-65EDE054-1214.pma

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1310720
                                                                                                                                                                                                    Entropy (8bit):0.5656913131517847
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:hghx4UeXVG0BYRt69jGJ2SR1RGg1DRFFKRGQFbLfqDac1WRG:2feX0vRtuO2SRKg1HFDsLfqf/
                                                                                                                                                                                                    MD5:6E409DC424094214D0997E3BB10EA344
                                                                                                                                                                                                    SHA1:F87ED1D160CE677FB3A445C956E36C5CB9EBBE09
                                                                                                                                                                                                    SHA-256:7551EF627AC42108705A0B426E843762B312ECCD44D612DD1012ABD3D6BFEC6F
                                                                                                                                                                                                    SHA-512:8524500340328C6F98E6B007E7681CB171574ADA36F8804A93E38EDB498F69C8EEC51F699AC4FDBA51A02EADF8AA7FAC718876D7B4D68C68EE3469958760B206
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:...@............C.].....@................:...:..............`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....;.........117.0.2045.47-64".en-GB*...Windows NT..10.0.190452(..x86_64..?........".hravta20,1...x86_64J....?.^o..P......................>..*......iW:00000000000000000000000000000000000000000000!00000000000000000000000000000000000000000000!BotMaster.exe.!1900/01/01:00:00:00!BotMaster.exe".5.8.0.12...".*.:..............,..(.......EarlyProcessSingleton.......Default3.(..$.......msEdgeEDropUI.......triggered....8..4... ...msDelayLoadAuthenticationManager....triggered....<..8...#...msSleepingTabsShorterTimeoutDefault.....triggered....8..4... ...msEdgeMouseGestureDefaultEnabled....triggered....8..4.......msEdgeShowHomeButtonByDefault.......triggered....<..8...$...msConsumerIEModeToolbarButto

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Crashpad\settings.dat

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                    Size (bytes):280
                                                                                                                                                                                                    Entropy (8bit):1.8931011582971837
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:FiWWltlOfVtJ/l/NEjYb1gmlw:o1OfHJ/1fCmlw
                                                                                                                                                                                                    MD5:9D1325903D3C91A3EE112737DCD4ADC4
                                                                                                                                                                                                    SHA1:7C356E9DBE2921520BD0EDCA4D9E02E7D4E63EEE
                                                                                                                                                                                                    SHA-256:8F17D6F609B9F6647E49D372F77D0308A5496A369AF67BCE6AC355AD7E421692
                                                                                                                                                                                                    SHA-512:DC7F93D7F8732231BA747CEAB3D7337F417868B0C4CEA3915AF39C619D067AC556A8776AF4974228FE9D8FE6E472202CAD6D28F7AEF7CB0DE5B441C07667EFC2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:sdPC....................C...M.:F..$S.H.O................................................................................................................................................................................................{F3017226-FE2A-4295-8BDF-00C3A9A7E4C.}C:........

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Crashpad\throttle_store.dat

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):20
                                                                                                                                                                                                    Entropy (8bit):3.6219280948873624
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:8g6Vvn:8g6Vv
                                                                                                                                                                                                    MD5:9E4E94633B73F4A7680240A0FFD6CD2C
                                                                                                                                                                                                    SHA1:E68E02453CE22736169A56FDB59043D33668368F
                                                                                                                                                                                                    SHA-256:41C91A9C93D76295746A149DCE7EBB3B9EE2CB551D84365FFF108E59A61CC304
                                                                                                                                                                                                    SHA-512:193011A756B2368956C71A9A3AE8BC9537D99F52218F124B2E64545EEB5227861D372639052B74D0DD956CB33CA72A9107E069F1EF332B9645044849D14AF337
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:level=none expiry=0.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\4b931405-217b-4ab8-b1c0-9a5a3f414f2a.tmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):5604
                                                                                                                                                                                                    Entropy (8bit):4.754422429722215
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:stK/vL21s13UCa8zodY5eh6Cb7/x+6MhmuecmAeF9eIMR7K:styvksyCak+Y8bV+FiA4edhK
                                                                                                                                                                                                    MD5:6AAFD5AF934E4EFA8582F8CA35D166F8
                                                                                                                                                                                                    SHA1:835835ED12C40D04B23BCF72734E88766AE8A955
                                                                                                                                                                                                    SHA-256:11ED3989B8EF8E510CFEAC18F35CEC627B5F239EDC4E4C17F82FC20A31C0D57C
                                                                                                                                                                                                    SHA-512:310E043B27338FDB023038466A5890033550593AA81DAA9642EE402ECBE3EDFC72B71646FBEA1FB0C7A893FB40934B730B26317BB418291CDA1B908ED6224F9D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13354561864756333","alternate_error_pages":{"backup":true,"enabled":false},"autofill":{"autostuff_enabled":false,"credit_card_enabled":false,"custom_data_enabled":false,"custom_data_fill_enabled":false,"custom_data_identify_info_from_form_enabled":false,"custom_data_save_enabled":false},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"browser_content_container_height":984,"browser_content_container_width":1066,"browser_content_container_x":0,"browser_content_container_y":0,"countryid_at_install":17224,"credentials_enable_service":false,"dips_timer_last_update":"13354561864577512","domain_diversity":{"last_reporting_timestamp":"13354561863857231"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":{},"shared_cookie_data":{},"sitelist_data_2":{},"sit

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\4bc71ffe-b762-4ed2-9476-e8db1fd81368.tmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):6277
                                                                                                                                                                                                    Entropy (8bit):4.832468161832733
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:stg/P21s13Qb9JrG8z285eh6Cb7/x+6Mhmuecdd1eAeF4X2MR7K:stU4smrGk288bV+FJdQAvXPhK
                                                                                                                                                                                                    MD5:05E9B3294C14EF0FB37CBE251C566F63
                                                                                                                                                                                                    SHA1:09F403B864E36848200F340FC83BCE107D78FA72
                                                                                                                                                                                                    SHA-256:2C35223BE24B24AFFAA001316A1F946E6B8BCEF71F2B5A3D8562648BD8A0BFCF
                                                                                                                                                                                                    SHA-512:7470C3B677CC45B8A9668104985B0E0B5694FB051CC99295A922E0F6C874215FFEC70F909CFC26FE505CC70BAE293A5952363453F31B2364B01ED61D44DD6898
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13354561864756333","alternate_error_pages":{"backup":true,"enabled":false},"autocomplete":{"retention_policy_last_version":117},"autofill":{"autostuff_enabled":false,"credit_card_enabled":false,"custom_data_enabled":false,"custom_data_fill_enabled":false,"custom_data_identify_info_from_form_enabled":false,"custom_data_save_enabled":false},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"browser_content_container_height":576,"browser_content_container_width":1049,"browser_content_container_x":0,"browser_content_container_y":0,"countryid_at_install":17224,"credentials_enable_service":false,"dips_timer_last_update":"13354561864577512","domain_diversity":{"last_reporting_timestamp":"13354561863857231"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data"

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\8640cee9-57ac-409f-9e24-9d6344030e08.tmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):6780
                                                                                                                                                                                                    Entropy (8bit):5.579760184607159
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:vkiAPlf/ROoBpkF5d1OiD7VaTEv9V5h5pg5vezodIU8PmSpsA5IOrMn3YPo0MG6q:NkrKF9l5PmSpFIOAn3go0iuN
                                                                                                                                                                                                    MD5:14B5DCE22494648DD6683EEDD5E5A1C5
                                                                                                                                                                                                    SHA1:FE7926A2E4AE31A534FAA75AADC9DF7D73B3B000
                                                                                                                                                                                                    SHA-256:9F76ED2DE31BAC2BF600F450DA85554D446DD316154E15619F94B32A2E9437DD
                                                                                                                                                                                                    SHA-512:90592B3C8C8E8F47C5EC204F60D379DB0D248F383A39A3F37344653FF47CB8FFAB5F790C2221B6F0D71BA4F86B2D241373AEDBDAF6470536ACD77571CF3AC538
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"extensions":{"settings":{"dgiklkfkllikcanfonkcabmbdfmgleag":{"active_permissions":{"api":[],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13354561863316208","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13354561863316208","location":5,"manifest":{"content_capabilities":{"include_globs":["https://*excel.officeapps.live.com/*","https://*onenote.officeapps.live.com/*","https://*powerpoint.officeapps.live.com/*","https://*word-edit.officeapps.live.com/*","https://*excel.officeapps.live.com.mcas.ms/*","https://*onenote.officeapps.live.com.mcas.ms/*","https://*word-edit.officeapps.live.com.mcas.ms/*","https://*excel.partner.officewebapps.cn/*","https://*onenote.partner.officewebapps.cn/*","https://*powerpoint.partner.officewebapps.cn/*","https://*word-edit.partner.officewebapps.cn/*","https://*excel.gov.online.office365.us/*","

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\987efa7b-0e01-446a-b104-2e597825b01a.tmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):6339
                                                                                                                                                                                                    Entropy (8bit):4.837064587129478
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:stg/P21s13Qb9JrG8z285eh6Cb7/x+6Mhmuecdd1eAeFCX2MR7K:stU4smrGk288bV+FJdQABXPhK
                                                                                                                                                                                                    MD5:70754EC013109D64CD30D3738C759E76
                                                                                                                                                                                                    SHA1:80D4C667F8AD728A42E2F1920405CB25973F80C7
                                                                                                                                                                                                    SHA-256:0A7BA5E94A7A1B1F6ADA5817AFFCE21DF001C56F883F6777D956DB53534EC6D9
                                                                                                                                                                                                    SHA-512:4298BC8355DD8019DD8302B817CD33EA0BBAB1B48B389ABE02F6A08316236765C53C8F51E0127814EDCC2536D3D55D190AB9F5F03498A137A8B8DA15C20F8647
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13354561864756333","alternate_error_pages":{"backup":true,"enabled":false},"autocomplete":{"retention_policy_last_version":117},"autofill":{"autostuff_enabled":false,"credit_card_enabled":false,"custom_data_enabled":false,"custom_data_fill_enabled":false,"custom_data_identify_info_from_form_enabled":false,"custom_data_save_enabled":false},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"browser_content_container_height":576,"browser_content_container_width":1049,"browser_content_container_x":0,"browser_content_container_y":0,"countryid_at_install":17224,"credentials_enable_service":false,"dips_timer_last_update":"13354561864577512","domain_diversity":{"last_reporting_timestamp":"13354561863857231"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data"

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\AssistanceHome\AssistanceHomeSQLite

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):12288
                                                                                                                                                                                                    Entropy (8bit):0.3202460253800455
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:l9bNFlEuWk8TRH9MRumWEyE4gLueXdNOmWxFxCxmWxYgCxmW5y/mWz4ynLAtD/W4:TLiuWkMORuHEyESeXdwDQ3SOAtD/ie
                                                                                                                                                                                                    MD5:40B18EC43DB334E7B3F6295C7626F28D
                                                                                                                                                                                                    SHA1:0E46584B0E0A9703C6B2EC1D246F41E63AF2296F
                                                                                                                                                                                                    SHA-256:85E961767239E90A361FB6AA0A3FD9DAA57CAAF9E30599BB70124F1954B751C8
                                                                                                                                                                                                    SHA-512:8BDACDC4A9559E4273AD01407D5D411035EECD927385A51172F401558444AD29B5AD2DC5562D1101244665EBE86BBDDE072E75ECA050B051482005EB6A52CDBD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\data_0

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):45056
                                                                                                                                                                                                    Entropy (8bit):0.15542643195233505
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:d1Ipj3KZ9CoziRWK3D8objEdyQCfKuUVFRZWsXTBw0u:3IwjCoe3LrKFF3WMTBwl
                                                                                                                                                                                                    MD5:E996C7F9063D4877D7D47ED59D214E3F
                                                                                                                                                                                                    SHA1:D32062E40E801DC37C788301881BDF18AA5F214F
                                                                                                                                                                                                    SHA-256:5BEA1CFFA19EF1122135AB5B8A425AE8D7D7EE9F969B37AC2B80A522CCE1EB66
                                                                                                                                                                                                    SHA-512:D559D4E264B5F9454C6242D92C68B2B59B717FC1AEE771DF6F25EB38C0546694B8868AF640AEC1C31FE3B108622567FC252FC2F0610DCA782E8006710BF3AE27
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\data_1

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):270336
                                                                                                                                                                                                    Entropy (8bit):0.2938196478181513
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:gS2izTnQMgbIkV5XB7hMw6Td4lK5yteyOw6Td4lK53FT:gSfHnQ7bV5XB7hh6J4lZeyv6J4lkF
                                                                                                                                                                                                    MD5:8AE23F4016E5BA2D56A380E8DEFA60E3
                                                                                                                                                                                                    SHA1:03C756E5C117BF189DB4D757A14D58D162564AA1
                                                                                                                                                                                                    SHA-256:D54DFA83F58405EA3EDE4AB6BC10F62BECB8E577C1756B20F9890B086E15CA3E
                                                                                                                                                                                                    SHA-512:CF6FE19DB3E394A670C81CB4E0E783A162935C5E6114F1164B099CB47836BF53850043C67C18FBFBFDC6137B8DDB8FCDF87EF3AB65E4244A73D4EF25CF69C84C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:....................................................................................?...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\data_2

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                    Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                    MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                    SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                    SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                    SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\data_3

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4202496
                                                                                                                                                                                                    Entropy (8bit):0.5916252342007957
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:tHwGe9wGI5tvMv9Hwkl9SBwG8rkwGFTVHPjAxwGDahwG7OLSJ2wGwe2wGX/dwGSb:tuGIxSWyvsgwAOa3mYXTtUjDZ64+zja
                                                                                                                                                                                                    MD5:DEDECCB63FA966943408567D09F0ECEE
                                                                                                                                                                                                    SHA1:D2386CF47D31533AFBB71AC4FA715E794F2A4257
                                                                                                                                                                                                    SHA-256:51F856583FAA4298564ABD3AC6DA09F1BC361EB59E775DF2AA0A73D3A420880E
                                                                                                                                                                                                    SHA-512:B3D2E22F59909ADCD2010E46E85ACB6C574FF37DB6D60D972C19D60DB55D751F4D7CB66B11FD7A0A266F887022EF988405E3182E6A85B0709795C00098628B0A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:......................................................................................7.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_000001

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):61600
                                                                                                                                                                                                    Entropy (8bit):7.99601906843387
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:qgtYqAbU4UegMLbhTJC1ouyk2vjfF+Fm/qmYf3bcH:73CU4UwLbhtRjfMldf3YH
                                                                                                                                                                                                    MD5:2DF5F5D6BBAD66BD891AE8B7DAD3E247
                                                                                                                                                                                                    SHA1:5CA7598386AB089F6BE3C461215F1B42778742BC
                                                                                                                                                                                                    SHA-256:B94E0DEFC6031F32A9A72EE336A06373B916FD4D87AEDB586FBC588F4D1F13CD
                                                                                                                                                                                                    SHA-512:1F287F7CDFB0CEC556737AC8DC343ED5F775AFFD190C9F96168C825BF12FBFF33659A901E831583828533B1F30C360CAA8912BBE60F3378A1BF62949D7A75513
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:'..1#]..|.$...o.9.......7..?..[`0.~.0-..t.=^.....}.'...1 ...7zs]Z... @4$1..ZL.$_.=.l)c..!.`P.- .O.U....|!.R.."R...6.5.[..`..4.. ......?.....:Sn...u.)....bI....igQZ....a...M3..Ni... [?.!....{.{`F3@R..l.....~.}..M.n..u....;....j?<>rj.f!t. .....a..e$0.$.,..P.h.OO......{.^!.......C0........g...F(4"B.....5...d.&.%(.3=......4...X..M.w.E!....4..p.....}y...(.:HjX..3. Z.<.....\..].dW ..?.5...=.WB.[V.0~0..+rU....(........[b...U.6dZ.5.2....z.?.f.vg.4....i....?..1..;Y....6L=..s.c.B?IV..-..e.?.8....b\2........8V..!.m.w....W.6.-.L..E~Zm:7..,.O2.,.Or.......l.O..J..;[C.... ..y.c..ev....*""...i.z..i......X..}.P.smHcS...V8..VH"qE...l.0. {KaD..P....Eg..R"a..C.P.zF..%......$......z....W..UA.I.......bO..7.L..=...I.Tx...!......G..-.S8......yt...)..vu[N...v.?K....RDX|..gv.].U..!y..._).iw...X.x.Rp.3T..C.....!..?..g.z1..*px....E@'..v.Gg...0..am..<:.....c......=.......a..1..t...x+.#.c......W..f|.).E cH.m:z...,v...Q4...[..2... L.(.q>(.....<....?.+.4.!.....B.x..~.czz-6ZP..%

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_000002

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text, with very long lines (937)
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):229174
                                                                                                                                                                                                    Entropy (8bit):5.307942378379161
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3072:9JA6XHyQtP4bAbamDp5+5YdWLgZJSVY6zrTC:gOlGmNtPZJutC
                                                                                                                                                                                                    MD5:FFB363554756B67ED2F5BF2975CCEAAA
                                                                                                                                                                                                    SHA1:0C7B9920DD6E69BD1702285CE47264AA30D7CADE
                                                                                                                                                                                                    SHA-256:7D183954F519B0DAF8AC76850BE426D71CB8AFEA4C61B013FA0285E1B765DFFB
                                                                                                                                                                                                    SHA-512:B3E2FE7EADB07516B591F623F4DF23E52111BA3D60DDA72D77016DCC7D4CD6E73976657DD93DAD00DE22F9C4A9E048465D8E1D59110CB8A2BCDB95ED73FAE458
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.a1m9qzja{flex:1}..aja0x350{text-decoration:none}..ajuzgosp{transform:translateX(50%)}..amxrrayi{transform:scale(.97)}..aolan8vx{transform:scale(.94)}..b4a78re4{transform:rotate(135deg)}..b4xm8rjh{transform:scale(1)}..b5bqnu92{transform:translateY(-240%)}..b5u0g8pm{transform:scaleY(-1)}..bglikw2g{transform:scale(.01)}..bj62907l{transition:none}..bnt9nn9b{transform:translate(5px)}..bpg350cc{transform:scale(.95)}..bqte3on1{transform:translateX(-1px)}..bwjm0vhl{transform:rotate(-90deg)}..bx5xyesa{transform:translate(0,2px)}..bxpi4b5r{transform:translate3d(0,0,0)}..byw3xhqn{transition:opacity .3s var(--t-ease),transform .3s var(--t-ease)}..c5h0bzs2{transition:opacity .08s linear}..cgi16xlc{transform:translateZ(0)}..cj60lzza{transform:translate(0,-3px) scale(.65)}..cljgexa3{transform:translateY(6px)}..csshhazd{transition:opacity .15s ease-out}..cxnvdhix{transform:translateX(1px)}..d4g41f7d{transition:opacity .2s ease-in-out}..d7dzraxg{transform:translateX(2px)}..d9ddx5tg{background:linear-g

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_000003

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):89210
                                                                                                                                                                                                    Entropy (8bit):7.994540197500218
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:1536:wSS6O4O20i8So+VO/JZARplDqBkTindDacGl5LV+TT/4xOLTQsQcmpYb:wGL103GI/3he+dDaPz8TYOLTQsQcm2b
                                                                                                                                                                                                    MD5:2CB586BDDEB49540EB56C0F7AF4725DC
                                                                                                                                                                                                    SHA1:622D5D204E4BD8F68FA60E6AF2E558C416761304
                                                                                                                                                                                                    SHA-256:05991008258FECDA54EF330866E2765D5A56F6D8460F7A3E84D25C4AC2A261D7
                                                                                                                                                                                                    SHA-512:95ACDD08EF6A6113EE2C0A0CDBF5A66B478592404A997376F5908227D7C379C2EDE9B8CE2B4364BFFBD1865024748AD8D15C7C26F22DF69232E9C17CAEAEE870
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:'8.QE`...@.<.Q].aN.p9i...j..w..*~...?....`...aZ..r{.>..}[.......o....y....70.(......6.......C...........*..s.Q.k.H?.q..........(B!.......??_.k&........=.D.'....=Y..."(..&^..V...%.nXh....E.$.*.qnT...}y=S..R....l...u......f.bnu.%.h*1...4n.R m.....Z.b.xG.....{3-.iWE.......s...!O.x:o.\.{.w.....g&.=@..2...t.....rw{......2 .p..=......U...g}..8.^)..EW..PI. ..D........|.....g...cn.L..A.......j.......n....u7 m.H..8.AP3E..Yj.."..Fk(...n......].&J j.......o..0...i..p.C..(".;v6.....RD@.Q......* ..9.e:..oGJ(......HU;.6.W.I...1....}k.........M..W.......P3..6...B....1,m../g..Q..tY...t....l!41i.C.._...k.c,...(7..7..r.\..'Z.\S%.H..O.g...6Eh6...O..'.=..p......U.~R;/b....[.>..g....YD.\.U\+..k .I......8S.....X.A:q......)..{ru....).w..........G.@.>4.....1p.B.. .BZW..j.8.....y......%..L.I:.5...x..D.oZ..\]h.!...S.....4>...&n.....H.0d#...]x.!.14..E.It.D...y\..4fQ..e.d..z.w...:0.|y.....e.Z....}.7...w....g[..4.].f.......3.;.......i YtuM.z..,.......{s........z.......:.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_000004

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):233729
                                                                                                                                                                                                    Entropy (8bit):7.998615456017633
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:6144:4gauD7UV2a/nRMUASuVRS3J4rkt7N/8+8UVt6lSal9kfPu:rauDoV7/ZnuVx4t7t8oKBP9
                                                                                                                                                                                                    MD5:25CE27EC3B2E674CB3538668466A0887
                                                                                                                                                                                                    SHA1:ED63C70583F774BD050DB6C43C6036194791C715
                                                                                                                                                                                                    SHA-256:952D42F0D09686F9F00345F34F3EA21709AFFB4589D69985C5FD9793B6974E5B
                                                                                                                                                                                                    SHA-512:F52C7F177DDA6D908C9CF7DFB775E11886C70AEBC70FF99B1F20989BC25CDD615D3A3CF95D613D3BC7271C809D1CB1DA0437AB362E0ECA449C6BB80D9F5F3711
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:'Wv.B...@0=.....!....g<...H..q.....@UUUUMI.x....*..O~.._..w..._............??p.p.....C#c.S3s.K+k.[;{.G'g.W7w.O/o._?......."SY..^.=]..~..L....0*A.p..:6c......K..{%+zGe...N{..._28..zB...1.@...p.eP.......=..5...x.m.l2y.&o.gJ....K...ql...j.......b.G-Z..8!..u.H<.keg2..G..M.1.h.........?_p.......!.i.@......a_c.Kr%.Gb....y..j...U65E $L..b..+.l?@.#.I.]........u.....w...%.#G.'..E....r..N...w~....%...).q.Ay.V.S.W...7..{..r.n...H..9-.,.Q.#.a.@(.h.m....R...)y...wyc.....N....>...7....m5..6...J.0f.2..J].l..*..e..?_ij..b.....v..H.[.$C..+&q.`O....v.......OxH..i.D.k.d..$'YO.W5..7..j.d....HcB.g.'`".X+ge;...f...3x...._.......b(g'.a%N<.8.3^.it|a...S..hz.....}}..N=F*...esn8.$.Lg....5..C.....G.$........./...Hq....(..<.3.$....x......hI........._..G...f.e'.....U(...+..!l9QQ. .4......~.s\..$..t..../.kE..[ ..j.Fx....;.L..'.K...V..}.5.}Z..t.+....Xn..K)(.a...X:`...@.h...a,A!.....2...C|!.Y2.F....bk.p .......s...'...|....f...;00s......=3...4..4w ............../a..Z...V.A...,.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_000005

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1554266
                                                                                                                                                                                                    Entropy (8bit):7.999317969130873
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:24576:hZuFTO1+gYizKWjAcwE66dXrXlmgimNfSIhkLSiuvoL+BAGO3H327mQqtNBXxaAL:TE6+MNDXgzmNfSckGbvoL+1O3X2itNl7
                                                                                                                                                                                                    MD5:8002EDB3DB5715A9A7B96835088417A3
                                                                                                                                                                                                    SHA1:4A6195CF04DE05A329BF77BF02FC9B869C450673
                                                                                                                                                                                                    SHA-256:83A969883277C088A063E780EAAE44BCAB2EF081DA9116945F84CF124BF9E376
                                                                                                                                                                                                    SHA-512:1BA7BD6C81455375C697A9DFDF3FD3EAA4E17583ACAD3EF5C911389C51C8B86BE1477A9EE50BC9E3E9E6AD37A60826826C2D547A11F695815D28FCF364507A96
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:....kP.}...D..L...{.<T6.aT.....=ls.....@.<............p.........?.#?..?.3?....+.....;.....'.....7.........o....O.........9 ..l.2.C#c.S3f..`.e+V.Y.a.m;v..w..c'N.9w..k7n....g/^.y...o?~.....:..?_.]"Q...>t..,.?bjE.B.Y..._E..J.0v.J..C).....m...g.9Qq....4.}..R..~...H.'.....Iww.....!.Z"R!..!W.W.....{.3K...ip..<7....x...R.R#..5.0.l......._.7U)j.........".Q.JD..tq..fk.X...|~.O..~Rf.'..)u....[Xt.X...ba=,\.....w..cm.-..f...n.\..2.D.T..T....!x..aM-..oA.Lq...{t.lG"..VxE.y...eZ..vC ..T.J.-f........(KQ.e.)..|P%..}5....5.....y.....h..LyE:.f.gN.Q *jT!..Q...j..../....[c2..\.m.l.b[r$9.,.....r...<..%......._..J&.$.(...2.}..X.W..3...X.).._..W....;v...8R.#..t..`..T..WE'....<A.v...m..b9..\I.!@..b.z.2..r.y....R.Z!.W.......x..<.Yo..Yf......1^k...H7-.{=.E"31E..$X.<.z..c.Zf.....I^.f...d. -.F@..K..}.j..w.|T......s.......!@;_.?....P9.4....c0+(..Yjx$@...a7...<R;.....7.Zm....[.=..N....~Y...FM.......j..hJs....-.?.R.}.[N...R.j=.."7%....6.d..o...].?.._.r.{......Q

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_000006

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):17785
                                                                                                                                                                                                    Entropy (8bit):7.985389016638041
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:TqKN3pXVb+FeRK2usSzjSDvJOh5i2B0IZxpfKA:TqKN3aFMKuu6vJOvPB0IZxF
                                                                                                                                                                                                    MD5:F5AD1F305492CC14C7B1B6D1E67486AB
                                                                                                                                                                                                    SHA1:51307AB68D8DAED448955AC33349FC1CAB62A3DB
                                                                                                                                                                                                    SHA-256:A1A2DAF2DCBA044B242FE4DB44526A00AB62E3746C2AD1B58947033850DCD364
                                                                                                                                                                                                    SHA-512:AC7042F1026888AA2EE7B03BBEA6FFEF7DFE8050C148667BAEA17E6ABF6F206778C02869052563C602F7CDF45566F4ECAFAFFC6500860FBBEACCF23BCA3391A0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:'..Q$..z("I.....I=.............20v.......nY.."T3y..ao.#&,|vIXy...3gcv.]yEs.T..}.{....y.O.!......AN..,9..g...J.~.........;).$3.....^..*.9....$....$ DP...>...t.....j..........M....."/z.((Y. ~3S.).,.e.G?$.........A{P..._.:|...dg.x..M$D.....:WN.........oSWIG.%(..,4.1..C........U...g....P.#p..%2.Rtt...L...8[.W..!.a.h.S!$...w.._.;..Y....e%.A9...K3....u..... .._...9....[~.g.T..$...Q.....)i............Q.M6..g.....4.....]....~..DV.............'....9f.....P@k.w6"D.....6.b.V.......,.K:U...b....6+...#..7r.........;.T".X......~.W.....!.[.}w..*......\L.%....."W..E..s.^&.....(M.#rUR...w.)H.-{.f6.OLe-.X.....Gm.<....8.......X,.A...*1M.&s..*....0.bze.....V.l..V.sh..z2.h.lM....&./@[.P...A...4.......#^.cT.......}....m.s...R..Q.'.K.._..AF.R..@).........j.z[[S..A$.O...(D..kq.cB^UB.Sj.6...b<l(.*-....U.zRW..$.dJ.%./V...^7.|...]/....A.0.u.....W.<........2.=.U....!.c....=[X..f..OC...d...KS.qL<..%.XRI`l..8w..r.......4Y..N6+..\gs}Su..h[uk[S.1._.F.<./..."..m.u..

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_000007

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):61005
                                                                                                                                                                                                    Entropy (8bit):7.995327831326715
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:+aAZ9EU8GJsCETSpWtVsCp+CbmCm7CmVh958GzQSpaDGR0X1SkHyAr8U5E98AfY7:+amGrMrASmVsc+CJIh954So6W4meqA/0
                                                                                                                                                                                                    MD5:B01468F7E6C62324751BAC6A73557EF2
                                                                                                                                                                                                    SHA1:53CCE74DED414D63A37818B3E93C90EF2711FC7D
                                                                                                                                                                                                    SHA-256:6B8B6C775D4EE1883370F12573E9CBDC84C0E10BFCDD84C2D5A043E606035720
                                                                                                                                                                                                    SHA-512:28CB21A4CFF2FB1905191A0A8CB6FD45511DC2AF36D7B7BE316EE63155BF76B38E1105DDE5D82C0ECC2C0B92C1F7CBDCDE0C1562C7505E8E7D566F4F77A60F50
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:'...E.q....?......=..).........l..x}~.....~;...B.M^B...../KK..s{....!43.\...#...I,..3...om..m.....7..3...$..~...W.F.-.q=..$aKB..d.ay.}.Jj..U. D.9...D...(...M.k]D;F...q!...5...q.17....L..@P. (.......s.}U|.U.*....H.. ./H...)....X.T@..R..^k.....U.:.Z....u.5...B.y...>.K...J.w.C......^...8.!....5.\w..u.e,.."}............!.!0z."...........,-/..R..D+b......7.{......a..H....g...s..<....5..Z...%.`....ct...nI..m.1W<.........]_V.M..a..J..~..nL.D..6...U..-{v.\'...?H.m....FUO...<..T.j.Y...j5.@..&y.......d...,..iV.......0......Nt.#.....]...#2.......S.q...'3`C"..r..........*r..`zzz.3..U..1....9.T..c_$...44w..5z.......N3..*Y)/.Q.fu%.^...P..j..Z.QsH7@.o.4ha..i..%"....\.....)..rid....B...=q..L7r.g..t#GR%{..*..W......C..D...j...R.y.tf)$.ck..6....QQ...d.!..6..g..(..IG6Yr....L...y..1.....8.#.DD......Z.>.....U6...R".N.t|...Y.v.H..5...N..V.%O...dZ...B..8.1...C.X<..{~..e..qFD!Y,.....AM.......<.\..D.i~.C..u.yO.d.X..oX...,....H........8M.'....N.x;"...o.^.~.bD.....X

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_000008

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):30388
                                                                                                                                                                                                    Entropy (8bit):7.9913078115727885
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:PzZ2a9GmPYLF91/ALp9heZnh67n57NbuCBbteXU:PzZ2aQWYpLAIePneE
                                                                                                                                                                                                    MD5:A911176632F31D16659CCE7C8F96C60F
                                                                                                                                                                                                    SHA1:42E26BC9ADD2A7295FC386C81391CCA02D5D6271
                                                                                                                                                                                                    SHA-256:A0D820956479E103A382E40DCA56FEFCC8342B4351D0AC5985408006AAE98DC8
                                                                                                                                                                                                    SHA-512:F5AB7DF910AC90145C186FD301C490EE1B5C16721AD193EB5AAF9280DA6CC89E76BEAC980116EF8DD8DE31687119BCFF602253683A485A16AA6E1A385F32C5BA
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:. %..d...@3p\.u.-..o_....J:...{..IO.*.Xy:...@b.... Z...f.....Z.e{..I`%..>2...17...ZC.....@".H$.r..s....=.$.."......0,6a.H...k...8.$.d..q6.5Q.=Y..o..[+ADDx.KM.....6.....c..........._3...7Q.....].ea.d..........8]._......]....A......v.i..Z[Jm.]BUhkQ..)|....}AN.........R.-WF..\......b..T+....n....M.\y...D^..5..>..I...K.P.<M.D.%...k..y!.......r...su.....z...n...=..).6...E.&.n.5<.].~^.?.b...).;....c..[.^...q.'..B.n!.P...~.....7.yr..E..o....T...O.L.@51.....J.r..R.cANV.#...Qt...=.....h&...95...^UT...b.<........g...;.R.{q.....Vi.z.z7...H..j..S)...}.............].0.i. (............3....P ..zg..D.-H........m._..r#.>M..........^...%.....J.....2..B..ifVjH.....L.lF..Z./.f...!.x.VtJ..Gd.sp...$+...-:\{..........&..4..Z~9...... .+...7 .k.q|.F.}.....(...Jnu9W.8..@Y.j.O........`E.?4.P.%.}..`...h.1..&.mM..X...(.....g5~p.99...2.k....o.....1......q..%....P..9.-..o.9v...C....A...e....(E6.t...U.....W.y%\.ko+Z.h.Q./...T...?26.p_../..... .}...2X.3./h....N!._?.q.<p..H..

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_000009

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):41677
                                                                                                                                                                                                    Entropy (8bit):7.993642166859117
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:xvtsoEV4kasEB83Dy1Ev4rEVhpuVogM5KQ3bafr9mO7Ua0XhN:xvHPka3BoD/v4AVh6nMcQ3k5ihN
                                                                                                                                                                                                    MD5:32C059D92C6C9DCEB08FA6F8815F5743
                                                                                                                                                                                                    SHA1:B6AB9CB8D5036627296C6FB4550B026F94C45B71
                                                                                                                                                                                                    SHA-256:6F69E05D88EC9CC620AACA8E6968532D027753D638250D6AA50D89783A9259C2
                                                                                                                                                                                                    SHA-512:3AF5E7388295E4FE5BC2FF81A8C25015C406924B7F764D8A21BDAD8580B833621E88178BA3AAB8429934BFA61BDA5989DCF19B59C03514F6F0835A08C981F4F1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:....QY.!....V.....h.,.............t.U;......p$~$.B|...}...f....8...A`.N.DJ.`\..tE..T....Kg.u.g>.A.6h....F7..!....$@....!..P.3w>...K..2W....H2..K...^.].*.{'...iv.9v...w~...,sv..Y@n@...eRdl..q....+-.F.m48m9Z..'.=.'.{_.."...@e.#..Z.UF..Y./.ga"....E.).j).cTS...p6o....G..=.6S..........c....^~..FD.!3.Z....Y5..X.1.F._.....8lI.W..].}F<.Ju\.B..&.2.0.+....2.F......>..{.y..c.{...{..^..}.<....z?.......~.+.y).m..f..S.;`.._~.w..w/t.....<.w......^.{.vn"..x.b.Ky..?.?.R......z.L.Xgx.Ky..>r.]..97Uy.M..9.*....M....$hF..N<2..@8R...y-..%.z...x.yj...W1'f..*o.I.8....C..)N......e1E........2...p.#..3../._...Y....}..c.{...{.9;..l..1.....c...S......V.j..)Os.a.r.'.bL..O.1.U..\VNG.vfU`.....,me0.y.5.-;}......\..5..S..A...M:......vl.UlE...X0Oeh....]...w.|.....U.;.B.....5.37.{.$./.N.....98.8.C......<..M.O.1.}8i.G<u....O.Vqy.,G'...4!.=.6.;k..._...t.Xqb..l.0...G.'.G1(2...rc......L.@..(..J....isIF...~.....d.@..$zb...C...=.B...zT.%$...H>.......r...R.@..6`..h.K...\

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_00000a

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1235163
                                                                                                                                                                                                    Entropy (8bit):7.998934966193857
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:24576:Zri/YuWnUKtL8SfdCGi2/bKaJMUZs/587q84mfcNqcnMCsfFMeDyKp1:tgYuWUiAcbi2TTJMUWK4fAcWMeGKr
                                                                                                                                                                                                    MD5:45BFA234D28D947D096418C00478E7BD
                                                                                                                                                                                                    SHA1:8BDD2DE84B6375D0FDE0C56FC3D96A476ADD92F6
                                                                                                                                                                                                    SHA-256:F0F4C29BDD4AD238DFF8431C9D885954EE5D1EF33255A6B2A9A2088874EBE2C9
                                                                                                                                                                                                    SHA-512:C0AD155F775CDE9406B78073145C526EF550558BB06A930EB21B4ADDC87404ED32460D056E6889B1E348F66E0D60CE03F3F0DB4777D9643FC9DFF47A3271FF2B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:....GT/..?l...|..Z..6......[Q......l......PUU....j?.._~.?../......k@....!0426153...b.u.6m.c.}...9v..s..].v..{..=y...w.>}.........v..Vf!m.Y(......}..qh..L...vOL.......7x^...S.....-.!t...+U..D.[r..@...V......N..t.h(.+..\c;..^A.EJfB.l.r.........9_h.W.J.v...(.......S....x...a.KK+_..`B...V....V..o...7.R..p..H.O...r...)INN.KG..M.1...P."....0..`.y.f]...5...|..BsU...D......y5v.._.WA.F.HT.v\...U..m.f...|....JD..,.JVnnpj.$....,'}.~...>..Z.X.X=.P*..x..s....A.oZ.}....R..@\.Fa.8N...]K.t...Zbl..Z.*.6...Z...)....n.<..G_.#.KU....rW;^j..$a.....e.Y.g.2..d........_.._H..,..<9^..mK.i.4..=.......{..f..=.v7).aO.Hv2aV.![J.$...&..3..[m-.z.@r...$Q..Q.%q.U...t|\.y)."...e.....=..y..^w.v.....i*.~..F....o@dgL.......ta..kt.:G_^_..:.{./..{ .......gwe.s:..s....../+.%..,.<.,...._~..W=b.(.1.........QD....w.j5.........$..U.~U..mi5cM...6$4..5....L...r.6@U..~.Sj..e_....P.f.BC..~i..Of2..U...S.=.T=Lv......U.I...l.}.{.........+"....g..'n.... ....."S..L.@..@..S...H.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_00000b

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):892869
                                                                                                                                                                                                    Entropy (8bit):7.999291051889471
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:24576:szGr96V0PV8xn+W/Em9kUiRW3ecCm62qnLdxwPGi:seyn+T07VkmWnLdWGi
                                                                                                                                                                                                    MD5:BE1C26937EF0799A78B99360FBE6F8DC
                                                                                                                                                                                                    SHA1:6C5F77BC9626B1D592617EB38356CB0A40ED3DD5
                                                                                                                                                                                                    SHA-256:8B84587913E442B451C1D3AF6B1BDFDED7BC922A998789874CA266A1E83E812E
                                                                                                                                                                                                    SHA-512:C245109CE88934E2F3BCEAE730C80EBBACE776F884CB7B7C05516870667E354107ECBC50885A02E4F41F1C3565F53DF619970B93452248FCD401AD5BF63A3D01
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:........Q.. ..........yxB....M..x......................J....WUUUU................_.._........?..?..................................................ML..-,..ml......9w..k7n....g/^.y...o?~.........j......$...NqB.)...H..j@......_..........t1g$`^I..UtL.&..5...!}S.v....tq.].L%l..olB.Y!.........*.C....|....K..d..J.$?S{....V#2...<.pL.....{....S.......v..=Ig..&....p.5..#.w:...}g...h.z..`....y..@Y..v..,.$j.)......../...z:..!..)}....x.|..@t1#*DHb..|_.._........zZ......v+...p@...S K.r.C........eu.,...HHtM.......3..7:..2.d...k...u.(.h...jT..@.1.M......`....`B.~......P.Q#u...r`3.C.;s..6.;.w,.............5U-!..:Mf.JB...&.R1*..sc.....r.K3..7....Q.i.vf...D9f..%h..VqC....d#..m......T3.Q..L.9Nr..s..r......C.Z.k.kY..u9=...4..eKN...x...#UEI.]"...............+%'..}..M;`.....N....p.M..H..........+r..AE.05...^......vl.#..hAdQ.4T..bw+"...Y...;.q..av##.pt.*I.,.B.<..qC.h..F..B..?.1._.\...7.3s.....`..0..X.>..=....~..(.~Q6...?.W.....Eq.Y.p.&..eR...+.n.;.......$......("..

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_00000c

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):307110
                                                                                                                                                                                                    Entropy (8bit):7.998346865766936
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:6144:IYFBHOlcf0q70z2Yn5Q5DFgDeoT65LBzHmOxr88iQ:IYFBuqMq70z2jxY6XmOxr7
                                                                                                                                                                                                    MD5:C3596B9D76447863A6D090063BF6900E
                                                                                                                                                                                                    SHA1:439B20C688ECE7888DC692B2AE1299D2C83A6C5F
                                                                                                                                                                                                    SHA-256:638FED787D3AA7A48B9D5354326D1FA94ED3EE26FF201674F67EB1BDBBFE2350
                                                                                                                                                                                                    SHA-512:C7870E589191151D6525A4B28E78610CFA557DB6CED1834D6173E0F1344F6F5EE03FDFEF783231B453AB382F5FA71B679596C7919E06D497CF0B4D1F127322B9
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.......... ........yX6DY.8......:..kOZm...................?.c?.S?.s..K..k..[..{..G..g..W..w..O..o.._.......`................................\.q.....<{......|......7...W.Q...;.._)._;....I1.i........<.k..t.S...vv%/.P0+[... ....z.........6.au...n.Q.C:d.A<X.d.}.L.*$...[A8.RaY..W...M.....-...xc.4...v.*CI+.*@.B-.....~.... .[...T.....M...a..tdq"_.Wq4.|+.}......np....f...@..R.m.i.%)....?.....D......a.i.L.6.3.tO_.;%.cP.H.t ./.7...dm.W=.....C..+{...bO...."..2. .M.("-j.....!j.....V!i..xsqi&lB\.>.......m..=TEv.A.{>.4..Wp.()......|_....b.r.a.!..e..NI...8v..... .)aB.........U....pt......$..,.e.zF..Y.QFD.......J.....j__."+..i..../...n..fk.N.I3*X.%.@.........o........[...6.tKh...T...xBTl..2i@yW.;..~.HWB.p#[....R..!.& ...E...= M.y`D....._.._.H...'.W....m.8YHl[..h......~..kX....<.......U.....P....G.Br..<../.C.......!.......ht...c)6.QE^J....o3D..u.%]........I.]...[]...]w.y.*......._...H....O..%...v^;....../@.....I.............^y)..1..8.b.m=.FH.."K.$....T.t.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\index

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):524656
                                                                                                                                                                                                    Entropy (8bit):5.027445846313988E-4
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:LsulUYwl:LsNfl
                                                                                                                                                                                                    MD5:909AEC79CB5006BEABAAEF682C6DC688
                                                                                                                                                                                                    SHA1:441437F287FC58AE5E54DAAA180F030A0414828B
                                                                                                                                                                                                    SHA-256:4A4BEB8C4E5D0F3596AB5462EBEBBB903B6F8BAC31A1BF11DA3F93953290B261
                                                                                                                                                                                                    SHA-512:924F307C96BD97DCA3739816CBBF5541D173B71BAFDF419E7A84F7E774F5AE5D84DC53AF52C53DD7D440E655123D492AEEDC8A68215F7D3D02A2DB7E05167182
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:..........................................<.q/.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\js\030a56d6f261fcec_0

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):227
                                                                                                                                                                                                    Entropy (8bit):5.38819686155935
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:mKYYRiUKSVU4dJ4vAH6tFRlglXa0rwzFBpr:/tKSVVf446nUlXacwP
                                                                                                                                                                                                    MD5:CD95E131A20A59565CA0AD129CB38A1A
                                                                                                                                                                                                    SHA1:2E4701EDD155288ACA31F94E7014285CC743D38D
                                                                                                                                                                                                    SHA-256:092297996614ABC7DD14384FF2F4C2FA59451D974AEC64AD53A91D136E2554CB
                                                                                                                                                                                                    SHA-512:B86E3CB87D18A8F9A010571B3113F1AADAE25DFD77DB8B2A62F6F4B9703C9405E2756161D1B70B33E3399EEF5B8B379EDD52A83340E4FCD2C1A5022D98BA0E31
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:0\r..m......W.....A....._keyhttps://web.whatsapp.com/vendor1~app.264a01b6133c4a120327.js .https://whatsapp.com/.A..Eo....................B=.q/.........Z...........$.a......._.W..(8C..9.N2..V...>....(2|.A..Eo......)..u$.......

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\js\158f5bd06717d691_0

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):221
                                                                                                                                                                                                    Entropy (8bit):5.360258411795432
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:m+lZZ/la8RzY5GWWiKzRpBHEHRXERWEDAom5ktxKRPt/l9lwBLEXZ0TxWQmYk:m0/lXYYRicfEHd4vAH6txKRl3+BUK9a
                                                                                                                                                                                                    MD5:169B2CB7172DA7ED9605A869F88856F2
                                                                                                                                                                                                    SHA1:A22AF53E92101FB13DF6659481162DBC7F59161C
                                                                                                                                                                                                    SHA-256:89B985A342CA50FA59A9FFC15499C911CFBBB7B180196050CEF99AE1655BB620
                                                                                                                                                                                                    SHA-512:FEE7F40C455667C54E66119E626524BF98B9707DF9FC7EB96874989446AD806A41954DD68683784C947CE8E85CC3BBB21A0935A507DA69918F223FC083132FE7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:0\r..m......Q....XWu...._keyhttps://web.whatsapp.com/main~.f4046bd714178dbbb8c1.js .https://whatsapp.com/.A..Eo...................`.=.q/.........Z...........7.a.....mQ.c...5...../.._.x....W.m...y..A..Eo.........$.......

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\js\252cfc6f27a294b1_0

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):236
                                                                                                                                                                                                    Entropy (8bit):5.361915815168435
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:m4/YYRiGrHLUiPCVd4vAH6tGrRlfEc+0HAI/l:977LUsCb4464+4xt
                                                                                                                                                                                                    MD5:AC875F1D18B0733F04842AACE7D4AE47
                                                                                                                                                                                                    SHA1:25EDB7611705B401C68306F12C40854E3300C3CD
                                                                                                                                                                                                    SHA-256:B64EC6C2E4D7DB9850DB45BCFB4A7B437FFB1065278E3FF02E56799F31A1E476
                                                                                                                                                                                                    SHA-512:27F73949A90419898A9E245DB7418254C2C97C520E94E2C47CE612A8A2691008CDA74628DF34186C3C4388488158F26D9D4FA06994DC06F7841CDFA6C9EE78BE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:0\r..m......`.........._keyhttps://web.whatsapp.com/moment_locales/en-GB.1a0883d124f255e1ccfa.js .https://whatsapp.com/.A..Eo.....................=.q/.........Z.............a.....J..!9.B...nt!y?.N'17>.$=.i33.4.A..Eo.......a..$.......

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\js\3c310027e3b85e7d_0

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):220
                                                                                                                                                                                                    Entropy (8bit):5.312357935880237
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:mTXYYRinVxdJsd4vAH6tOLRlScEl3q9ot:Kraxde446sfs6o
                                                                                                                                                                                                    MD5:285C01CC398A25DE282370A8D6C1F268
                                                                                                                                                                                                    SHA1:2A68CAB2D7AE3A92E59BE1D5E8030D16E9801798
                                                                                                                                                                                                    SHA-256:3BE73BD8CEF8914839DC26893D2F38F5C04E105E82605FEFAF7FB7F42C0C4964
                                                                                                                                                                                                    SHA-512:B918E4C6C07A9264BB605F089BFC343E71156F9279082B2426D4C2E3355FAAF516B7036446948A8A8390E67B86D93E356A9D5D0B739EE31E548B736B7F433AC2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:0\r..m......P...m.[....._keyhttps://web.whatsapp.com/main.3d4bb07beea083ab8b3a.js .https://whatsapp.com/.A..Eo.....................=.q/.........Z.............a.......=..g....'wBG.@.`..k..1.5....s.A..Eo.........$.......

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\js\5bc7517a7edef195_0

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):223
                                                                                                                                                                                                    Entropy (8bit):5.346188650328473
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:msBr/VYYRiQOdkYDd4vAH6tJlgqFCpvClEk+4/Ll:Bt/J5Q446JFCZk+CL
                                                                                                                                                                                                    MD5:CC4C389FD5255E9FECF28C4373D598BC
                                                                                                                                                                                                    SHA1:1F2A568379F54469933A7764D6C09E9FD88097F9
                                                                                                                                                                                                    SHA-256:302486066512C274606732AFDF2DB38AC518AA4CCC36DED67113B13DB22ECA45
                                                                                                                                                                                                    SHA-512:20299CF6C861030845801CE59EF8DB70EF57378C9B2594CDB6AD713F4AEBC509064DA543689607B57E9D700F97E0700EC4D3D48048287D846D2C02D77A8B2B6C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:0\r..m......S...uo......_keyhttps://web.whatsapp.com/runtime.cf3d9387a416c75bf2cf.js .https://whatsapp.com/.A..Eo....................>=.q/.........Z.............a.......Ai}..H..e./5sF...q.+i.q..;p...A..Eo........Q.$.......

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\js\69d5c4b8b78d9bc9_0

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):225
                                                                                                                                                                                                    Entropy (8bit):5.3343459649897
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:mXltVYYRiUzdSd74vAH6tKVYC9lMKouxBm4:Cp0d7446AYC9d
                                                                                                                                                                                                    MD5:C4FE4997AB3C3F72E7053E1A825B2268
                                                                                                                                                                                                    SHA1:0BD1DF2A87D0C54411C171D31C45861C16A1FDA8
                                                                                                                                                                                                    SHA-256:98881C6C584A1F5178920F440D6542BD21ACC19962E1FF9418A0D59A0247A591
                                                                                                                                                                                                    SHA-512:BAF8CC1BA7927DFAC4F02B2F36EACF333F0AE2ED6B570C53A355480A6474FD6E53C3DEDDB04C30A3B4F3F9FCF36610115867E93D22EF78200817207B85F2F542
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:0\r..m......U...5.A....._keyhttps://web.whatsapp.com/libsignal-protocol-ee5b8ba.min.js .https://whatsapp.com/.A..Eo...................0=.q/.........Z............a........H*+.....4;...`...;;k&...G.[`.A..Eo......FU{.$.......

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\js\88268006280a6293_0

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):228
                                                                                                                                                                                                    Entropy (8bit):5.433585515943898
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:mKLYYRiUKLGFSnb4vAH6tllnlQtnf9vjlU2v9pK4Z:5tK6F+b4460R9v9
                                                                                                                                                                                                    MD5:EA3B1DD566958D0FA73B181E46B9972A
                                                                                                                                                                                                    SHA1:73E0CF11E590D34360B5444EEFA42D02F54CF3A1
                                                                                                                                                                                                    SHA-256:FF782036635C8DD51D135AAC66FB108EBDD3C75080B4B3103E1820A85DC04D5B
                                                                                                                                                                                                    SHA-512:5C74014E4A3BD3C3B268DA988CE3290922834CE0B2B2DFD18B40D59E948EC251EA86B6F32B5787F3BE85C1573A4E25B5DE6AECFDE1F6B455E8F69B38526B335A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:0\r..m......X.........._keyhttps://web.whatsapp.com/vendors~main.75ffa609850dd95ab8d9.js .https://whatsapp.com/.A..Eo...................V.=.q/.........Z.............a......;.:0...~D.....\.....7}.5.4oQL..A..Eo......n..$$.......

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\js\fe44f4c0e1d82fea_0

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):219
                                                                                                                                                                                                    Entropy (8bit):5.33367346518634
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:mViYYRiui5AHX2b4vAH6tOv9le82oJ9P4:VBgUg446wcoJJ
                                                                                                                                                                                                    MD5:2960FAD66A0FD5830F15CB425F510D9D
                                                                                                                                                                                                    SHA1:7D9FF8D7B38C4887B40F6025040D58F5A702862E
                                                                                                                                                                                                    SHA-256:7348A3F9FCF591CD24531FCB6222B624DE4231A36B82C1DCF10F76F9D13A52C3
                                                                                                                                                                                                    SHA-512:6E94E90AE860C951457693D6C09E6D66F727FA66A63EF8B47DED4D73AC8780AEAB663295064962DDBCDE8C315F657B5C21F61B3B9156567A014E696FA3AC0E66
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:0\r..m......O...M..B...._keyhttps://web.whatsapp.com/app.febe97f47327a63e0d22.js .https://whatsapp.com/.A..Eo....................N=.q/.........Z.............a.........aQ.O8....kW..Y.o...k.N..U..U.A..Eo........$.......

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\js\index

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):24
                                                                                                                                                                                                    Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:m+l:m
                                                                                                                                                                                                    MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                    SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                    SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                    SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:0\r..m..................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\js\index-dir\temp-index

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):240
                                                                                                                                                                                                    Entropy (8bit):4.5339363845562275
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:cdPys/vll/lwsBc+9MTlO1ucTloCKEM+ljl7YEpl/M6ORXT7297l3Llvbaln:cdNT1ClO1ucTliEM+Z+Ep0Te5Zbal
                                                                                                                                                                                                    MD5:AE37DCAAA8687837731D36898084D0DE
                                                                                                                                                                                                    SHA1:A80CB710083C9C2885BE9F315EB24DBAC6C5168E
                                                                                                                                                                                                    SHA-256:0C0484A962E5A583FB3E9B6B3F0B3D9F53CAF8304C200A56B452714789E7CC8B
                                                                                                                                                                                                    SHA-512:6D9DEA3FD1C2764CFC1D1EECA5A646187C0EFEFF0882957982A081C7D0076DCAF12B78CB3621219DB00D8FADA43C1580DC7330177EE81360A9970F4F620F87D1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:......)Hoy retne........................}^..'.1<@l.>.q/..........b.(..&..*.=.q/............g.[...*.=.q/............'o.,%...=.q/........../....D....=.q/...........a..V...!.=.q/............~zQ.[..g=.q/...............i..g=.q/..........5.>.q/.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\js\index-dir\the-real-index (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):240
                                                                                                                                                                                                    Entropy (8bit):4.5339363845562275
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:cdPys/vll/lwsBc+9MTlO1ucTloCKEM+ljl7YEpl/M6ORXT7297l3Llvbaln:cdNT1ClO1ucTliEM+Z+Ep0Te5Zbal
                                                                                                                                                                                                    MD5:AE37DCAAA8687837731D36898084D0DE
                                                                                                                                                                                                    SHA1:A80CB710083C9C2885BE9F315EB24DBAC6C5168E
                                                                                                                                                                                                    SHA-256:0C0484A962E5A583FB3E9B6B3F0B3D9F53CAF8304C200A56B452714789E7CC8B
                                                                                                                                                                                                    SHA-512:6D9DEA3FD1C2764CFC1D1EECA5A646187C0EFEFF0882957982A081C7D0076DCAF12B78CB3621219DB00D8FADA43C1580DC7330177EE81360A9970F4F620F87D1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:......)Hoy retne........................}^..'.1<@l.>.q/..........b.(..&..*.=.q/............g.[...*.=.q/............'o.,%...=.q/........../....D....=.q/...........a..V...!.=.q/............~zQ.[..g=.q/...............i..g=.q/..........5.>.q/.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RF622d2d.TMP (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):240
                                                                                                                                                                                                    Entropy (8bit):4.5339363845562275
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:cdPys/vll/lwsBc+9MTlO1ucTloCKEM+ljl7YEpl/M6ORXT7297l3Llvbaln:cdNT1ClO1ucTliEM+Z+Ep0Te5Zbal
                                                                                                                                                                                                    MD5:AE37DCAAA8687837731D36898084D0DE
                                                                                                                                                                                                    SHA1:A80CB710083C9C2885BE9F315EB24DBAC6C5168E
                                                                                                                                                                                                    SHA-256:0C0484A962E5A583FB3E9B6B3F0B3D9F53CAF8304C200A56B452714789E7CC8B
                                                                                                                                                                                                    SHA-512:6D9DEA3FD1C2764CFC1D1EECA5A646187C0EFEFF0882957982A081C7D0076DCAF12B78CB3621219DB00D8FADA43C1580DC7330177EE81360A9970F4F620F87D1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:......)Hoy retne........................}^..'.1<@l.>.q/..........b.(..&..*.=.q/............g.[...*.=.q/............'o.,%...=.q/........../....D....=.q/...........a..V...!.=.q/............~zQ.[..g=.q/...............i..g=.q/..........5.>.q/.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\wasm\index

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):24
                                                                                                                                                                                                    Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:m+l:m
                                                                                                                                                                                                    MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                    SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                    SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                    SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:0\r..m..................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\wasm\index-dir\temp-index

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):48
                                                                                                                                                                                                    Entropy (8bit):2.955557653394731
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:NGlKp0ELjn:U8Ljn
                                                                                                                                                                                                    MD5:C3FD558F58104BCB01CDA49007C0048B
                                                                                                                                                                                                    SHA1:3C543897CAE310654425189B884AB81DC06A8A9E
                                                                                                                                                                                                    SHA-256:03C2D008372016F78B36612C7BDB6BA632EE502B8488CC10D4938BB49BD89729
                                                                                                                                                                                                    SHA-512:2870D78AACCDF5448BCD30BDF4B9797DE3C8DFF1893977FA50053C0F788FB49768E30DFE67848BF4031CD633BD99C3C810F23FC87214E7D921B98D437B8317F3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:(.....b.oy retne..........................<.q/.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\wasm\index-dir\the-real-index (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):48
                                                                                                                                                                                                    Entropy (8bit):2.955557653394731
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:NGlKp0ELjn:U8Ljn
                                                                                                                                                                                                    MD5:C3FD558F58104BCB01CDA49007C0048B
                                                                                                                                                                                                    SHA1:3C543897CAE310654425189B884AB81DC06A8A9E
                                                                                                                                                                                                    SHA-256:03C2D008372016F78B36612C7BDB6BA632EE502B8488CC10D4938BB49BD89729
                                                                                                                                                                                                    SHA-512:2870D78AACCDF5448BCD30BDF4B9797DE3C8DFF1893977FA50053C0F788FB49768E30DFE67848BF4031CD633BD99C3C810F23FC87214E7D921B98D437B8317F3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:(.....b.oy retne..........................<.q/.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\DIPS

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):28672
                                                                                                                                                                                                    Entropy (8bit):0.4664995203625055
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:TLUYFQq3qh7z3WMYziciNW9WkZ96UwOfBaDo:T4uQq3qh7z3bY2LNW9WMcUvB
                                                                                                                                                                                                    MD5:69E0285DE880B76F2A02244937A55FBD
                                                                                                                                                                                                    SHA1:6FDF99F25B4F33EBB8535BB1C1E34BFD9AF0A755
                                                                                                                                                                                                    SHA-256:C202E5B496F75FFE9F450A802AF648EF39839B7CAF8DF5F26594550876BA0CBB
                                                                                                                                                                                                    SHA-512:578166F6884702C56E06510AB80A4130BA4A2A7F0CD6F1B2D5B7AC38B07433205DF7ECB137DD6B878A238F573FFB0B8DF2F6EA9B36342E0CEBCE7EDAD3DEB0FB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\DawnCache\data_0

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                    Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:MsFl:/F
                                                                                                                                                                                                    MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                    SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                    SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                    SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\DawnCache\data_1

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):270336
                                                                                                                                                                                                    Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                    MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                    SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                    SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                    SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\DawnCache\data_2

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                    Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                    MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                    SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                    SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                    SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\DawnCache\data_3

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                    Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                    MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                    SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                    SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                    SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\DawnCache\index

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):262512
                                                                                                                                                                                                    Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:LsNlVT:Ls3V
                                                                                                                                                                                                    MD5:B786BA262424F9116EDBF4EFCD33D113
                                                                                                                                                                                                    SHA1:B2C0560C341D22B5C93CC906AE7CDE6A87D377E2
                                                                                                                                                                                                    SHA-256:31B0717AAAFB186563BB2C9FBD0C75510090784FD5710BEE9943182C45CDBB73
                                                                                                                                                                                                    SHA-512:98F1351AD231352CC1F876FEE217A485013F6D0A5048FF49DD776F67BF57F672E67EED8438E18F1769236138A461DC282C0F9F702F35E1F1E9744BCB87FB80CE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:........................................b\.<.q/.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\EdgeEDrop\EdgeEDropSQLite.db

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 14, database pages 8, cookie 0xe, schema 4, UTF-8, version-valid-for 14
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                                                    Entropy (8bit):0.494709561094235
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:TLEC30OIcqIn2o0FUFlA2cs0US5S693Xlej2:ThLaJUnAg0UB6I
                                                                                                                                                                                                    MD5:CF7760533536E2AF66EA68BC3561B74D
                                                                                                                                                                                                    SHA1:E991DE2EA8F42AE7E0A96A3B3B8AF87A689C8CCD
                                                                                                                                                                                                    SHA-256:E1F183FAE5652BA52F5363A7E28BF62B53E7781314C9AB76B5708AF9918BE066
                                                                                                                                                                                                    SHA-512:38B15FE7503F6DFF9D39BC74AA0150A7FF038029F973BE9A37456CDE6807BCBDEAB06E624331C8DFDABE95A5973B0EE26A391DB2587E614A37ADD50046470162
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j...i............t...c................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension Rules\000001.dbtmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:MANIFEST-000001.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension Rules\000003.log

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):38
                                                                                                                                                                                                    Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:FQxlXNQxlX:qTCT
                                                                                                                                                                                                    MD5:51A2CBB807F5085530DEC18E45CB8569
                                                                                                                                                                                                    SHA1:7AD88CD3DE5844C7FC269C4500228A630016AB5B
                                                                                                                                                                                                    SHA-256:1C43A1BDA1E458863C46DFAE7FB43BFB3E27802169F37320399B1DD799A819AC
                                                                                                                                                                                                    SHA-512:B643A8FA75EDA90C89AB98F79D4D022BB81F1F62F50ED4E5440F487F22D1163671EC3AE73C4742C11830214173FF2935C785018318F4A4CAD413AE4EEEF985DF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.f.5................f.5...............

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension Rules\CURRENT (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:MANIFEST-000001.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension Rules\LOG

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):305
                                                                                                                                                                                                    Entropy (8bit):5.2125929066629615
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:Fg1wknaZ5KrWLYQV+dpaVdg2KLlvPhEQ+q2PwknaZ5KrWLYQV+dpaPrqIFUv:NrHUdHL38vYrHUdo3FUv
                                                                                                                                                                                                    MD5:E4964FD8B78F3DF0CA1AD90AEC2005C6
                                                                                                                                                                                                    SHA1:52AD48B50C82D4B5CACCF76A7B9D80AF43525688
                                                                                                                                                                                                    SHA-256:308C18EA671B2A0DEEEB3B5D38A08B29BF837AFF39687D9D92D80335FC22CEA9
                                                                                                                                                                                                    SHA-512:61FB61894D89218316B45CAABC41DC553CFDB3CC43DC0E1E99D5D7E54986E933E7641AD615775827B4973CCF576509BBCEC78B3AD26141B53D3FCF1ABD9A51A6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:2024/03/10-17:31:03.388 bf8 Creating DB C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension Rules since it was missing..2024/03/10-17:31:03.462 bf8 Reusing MANIFEST C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension Rules/MANIFEST-000001.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension Rules\MANIFEST-000001

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension Scripts\000001.dbtmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:MANIFEST-000001.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension Scripts\000003.log

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):38
                                                                                                                                                                                                    Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:FQxlXNQxlX:qTCT
                                                                                                                                                                                                    MD5:51A2CBB807F5085530DEC18E45CB8569
                                                                                                                                                                                                    SHA1:7AD88CD3DE5844C7FC269C4500228A630016AB5B
                                                                                                                                                                                                    SHA-256:1C43A1BDA1E458863C46DFAE7FB43BFB3E27802169F37320399B1DD799A819AC
                                                                                                                                                                                                    SHA-512:B643A8FA75EDA90C89AB98F79D4D022BB81F1F62F50ED4E5440F487F22D1163671EC3AE73C4742C11830214173FF2935C785018318F4A4CAD413AE4EEEF985DF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.f.5................f.5...............

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension Scripts\CURRENT (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:MANIFEST-000001.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension Scripts\LOG

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):309
                                                                                                                                                                                                    Entropy (8bit):5.212454004761847
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:F21wknaZ5KrWLYQV+dp6FB2KLlvHGQ+q2PwknaZ5KrWLYQV+dp65IFUv:LrHUdQFFLBSvYrHUdQWFUv
                                                                                                                                                                                                    MD5:4CA94ABF985457B054B6530CEEC6A1BE
                                                                                                                                                                                                    SHA1:42C2AC4ECEFA51F26EE5914DCA0CA553CE1D7561
                                                                                                                                                                                                    SHA-256:45F2A798BE5808D8F0419C62B9E0373EEE81B0247FE3A283ABDBC53AF92C0A43
                                                                                                                                                                                                    SHA-512:0BC9039DCF2D6DE2CFC8FF9520CC580019EB59D0B02E355F4BCBF336C6FD502A7E0096562B680D38594C7BFC3279D3C17F53BEA2F2461D8D1BF8939AC5223C10
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:2024/03/10-17:31:03.720 bf8 Creating DB C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension Scripts since it was missing..2024/03/10-17:31:03.747 bf8 Reusing MANIFEST C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension Scripts/MANIFEST-000001.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension Scripts\MANIFEST-000001

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension State\000001.dbtmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:MANIFEST-000001.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension State\000003.log

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):114
                                                                                                                                                                                                    Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCT
                                                                                                                                                                                                    MD5:891A884B9FA2BFF4519F5F56D2A25D62
                                                                                                                                                                                                    SHA1:B54A3C12EE78510CB269FB1D863047DD8F571DEA
                                                                                                                                                                                                    SHA-256:E2610960C3757D1757F206C7B84378EFA22D86DCF161A98096A5F0E56E1A367E
                                                                                                                                                                                                    SHA-512:CD50C3EE4DFB9C4EC051B20DD1E148A5015457EE0C1A29FFF482E62291B32097B07A069DB62951B32F209FD118FD77A46B8E8CC92DA3EAAE6110735D126A90EE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.f.5................f.5................f.5................f.5................f.5................f.5...............

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension State\CURRENT (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:MANIFEST-000001.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension State\LOG

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):348
                                                                                                                                                                                                    Entropy (8bit):5.2245721846527475
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:F7q2PwknaZ5KrWLYQV+dpNIFUt88hPFZZmw+8nchkwOwknaZ5KrWLYQV+dp+eLJ:1vYrHUdwFUt84PX/+Rh5JrHUdPJ
                                                                                                                                                                                                    MD5:6C479AE02FAF4E9B1C432BFFF64F7157
                                                                                                                                                                                                    SHA1:D968F28010EBF06DBD07BC97F463199D95AEB019
                                                                                                                                                                                                    SHA-256:C3C040A9935E7CBB0AC5F2C36329F1DE7D12E38A23D2C5872F6899458A586763
                                                                                                                                                                                                    SHA-512:5353E75EA45CF57AFABADC452BA162AC1520B4F8C237B476D04E651BC100808720DC6E658E86F3953AD24D808DDEF1B99F9E4461CB9DD0E93AFF133F18695246
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:2024/03/10-17:31:20.130 1960 Reusing MANIFEST C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension State/MANIFEST-000001.2024/03/10-17:31:20.214 1960 Recovering log #3.2024/03/10-17:31:20.271 1960 Reusing old log C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension State/000003.log .

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension State\LOG.old (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):348
                                                                                                                                                                                                    Entropy (8bit):5.2245721846527475
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:F7q2PwknaZ5KrWLYQV+dpNIFUt88hPFZZmw+8nchkwOwknaZ5KrWLYQV+dp+eLJ:1vYrHUdwFUt84PX/+Rh5JrHUdPJ
                                                                                                                                                                                                    MD5:6C479AE02FAF4E9B1C432BFFF64F7157
                                                                                                                                                                                                    SHA1:D968F28010EBF06DBD07BC97F463199D95AEB019
                                                                                                                                                                                                    SHA-256:C3C040A9935E7CBB0AC5F2C36329F1DE7D12E38A23D2C5872F6899458A586763
                                                                                                                                                                                                    SHA-512:5353E75EA45CF57AFABADC452BA162AC1520B4F8C237B476D04E651BC100808720DC6E658E86F3953AD24D808DDEF1B99F9E4461CB9DD0E93AFF133F18695246
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:2024/03/10-17:31:20.130 1960 Reusing MANIFEST C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension State/MANIFEST-000001.2024/03/10-17:31:20.214 1960 Recovering log #3.2024/03/10-17:31:20.271 1960 Reusing old log C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension State/000003.log .

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension State\MANIFEST-000001

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\ExtensionActivityComp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 1, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4096
                                                                                                                                                                                                    Entropy (8bit):0.3169096321222068
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:lSWbNFl/sl+ltl4ltllOl83/XWEEabIDWzdWuAzTgdWj3FtFIU:l9bNFlEs1ok8fDEPDadUTgd81Z
                                                                                                                                                                                                    MD5:2554AD7847B0D04963FDAE908DB81074
                                                                                                                                                                                                    SHA1:F84ABD8D05D7B0DFB693485614ECF5204989B74A
                                                                                                                                                                                                    SHA-256:F6EF01E679B9096A7D8A0BD8151422543B51E65142119A9F3271F25F966E6C42
                                                                                                                                                                                                    SHA-512:13009172518387D77A67BBF86719527077BE9534D90CB06E7F34E1CCE7C40B49A185D892EE859A8BAFB69D5EBB6D667831A0FAFBA28AC1F44570C8B68F8C90A4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\ExtensionActivityEdge

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 8, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):32768
                                                                                                                                                                                                    Entropy (8bit):0.40981274649195937
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:TL1WK3iOvwxwwweePKmJIOAdQBVA/kjo/TJZwJ9OV3WOT/5eQQ:Tmm+/9ZW943WOT/
                                                                                                                                                                                                    MD5:1A7F642FD4F71A656BE75B26B2D9ED79
                                                                                                                                                                                                    SHA1:51BBF587FB0CCC2D726DDB95C96757CC2854CFAD
                                                                                                                                                                                                    SHA-256:B96B6DDC10C29496069E16089DB0AB6911D7C13B82791868D583897C6D317977
                                                                                                                                                                                                    SHA-512:FD14EADCF5F7AB271BE6D8EF682977D1A0B5199A142E4AB353614F2F96AE9B49A6F35A19CC237489F297141994A4A16B580F88FAC44486FCB22C05B2F1C3F7D1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j............M.....8...b..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Favicons

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 12, 1st free page 11, free pages 2, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):24576
                                                                                                                                                                                                    Entropy (8bit):1.5862549202437328
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:TBmw6fU1zBDjub3OeNB7k/XDPCl+iuI294SxYqn5kMJgfD/3:TBCyHu6SMLMWLRqb
                                                                                                                                                                                                    MD5:8318A8F6F58F58DA9DFA4654623B6A75
                                                                                                                                                                                                    SHA1:AD5887AED92AAFE874E14D5B6CE67558A2290F51
                                                                                                                                                                                                    SHA-256:F77B639E63CFB2317E659C9416A96F0CAEE4BDFC570C9119CDDC629564517152
                                                                                                                                                                                                    SHA-512:099152C0569BF913C8AE9B3B40AF9185ADD5959FAC93A69C49F48430057E77E4D8CA22F888D88C85337E04486E3B6B3B0F09CB56497F2EF501DF99F78DA388ED
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j..........g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\File System\000\t\.usage

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):24
                                                                                                                                                                                                    Entropy (8bit):1.4575187496394222
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:ZlKwQsl:W
                                                                                                                                                                                                    MD5:35A6C3B4FE838413993C88D9DB65C73E
                                                                                                                                                                                                    SHA1:FBC0F9716FCDC03C7FCF908FED2C5ED73A5452F6
                                                                                                                                                                                                    SHA-256:DA74921979C4034FB77F61A6295C7C4D9A2196C831760D546E36AD959F240D23
                                                                                                                                                                                                    SHA-512:6AAD96386A306AFC8DFE170B4A84B7591E2F98F11FBEB5F81456E9CE806D3A7734B962F174E6B1904A23CE395F69C5809EF52B851BC0B5B207CB21BB974158D6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:....FSU5................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\File System\000\t\Paths\000001.dbtmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:MANIFEST-000001.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\File System\000\t\Paths\CURRENT (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:MANIFEST-000001.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\File System\000\t\Paths\LOG

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):323
                                                                                                                                                                                                    Entropy (8bit):5.216606671691378
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:FpHAOq1wknaZ5KrWLYQV+d/9MRDVYRsL12KLlvpHLq2PwknaZ5KrWLYQV+d/9MRJ:31rHUd+ZV88BLPvYrHUd+ZV8U2FUv
                                                                                                                                                                                                    MD5:9CF4B2C2FB40019B32BCD4EB6F035044
                                                                                                                                                                                                    SHA1:7DEAE0D7FCACA05DBD83820F2F3EDAD8937E52C2
                                                                                                                                                                                                    SHA-256:37DED69DE7A85E287A38B71F7392FCF3830D837EA703321EB2BD14509EE21149
                                                                                                                                                                                                    SHA-512:A901E8379CF4FEF64AFC244C373E7066580B2ED3A1E903872CAEB65C2DCCFB06A7355ABEEBFA14CE1664713A54AF7EA902EC86D6F7BE7164A4B4D9A832A4C80D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:2024/03/10-17:31:36.252 1960 Creating DB C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\File System\000\t\Paths since it was missing..2024/03/10-17:31:36.267 1960 Reusing MANIFEST C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\File System\000\t\Paths/MANIFEST-000001.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\File System\000\t\Paths\MANIFEST-000001

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\File System\Origins\000001.dbtmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:MANIFEST-000001.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\File System\Origins\000003.log

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):104
                                                                                                                                                                                                    Entropy (8bit):4.71553573229993
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:w1tsm1iIjRb/MlA1jNMsis71rVWihViVVn:w1tsmRFThVN5x4ihUVV
                                                                                                                                                                                                    MD5:5C8A5499075648DFFA516552873B2352
                                                                                                                                                                                                    SHA1:C5B03A008EFB5B59273849F051E015DC7CD8CA74
                                                                                                                                                                                                    SHA-256:0007C077FE33A7823DB950818CCDB0DEEFF2CAE75400427D5931D7AFC257F7DA
                                                                                                                                                                                                    SHA-512:A02BFBDAD13653D3994ED79C6D7BCF4070277FBA71A82F5E5629AA4945867EED73BC9538615E9B7BC4B0F0057888EB5D2BE479D9363BA4485FADF92072E9417B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:mP...................LAST_PATH.-1..X.@................LAST_PATH.000..ORIGIN:https_web.whatsapp.com_0.000

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\File System\Origins\CURRENT (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:MANIFEST-000001.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\File System\Origins\LOG

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):315
                                                                                                                                                                                                    Entropy (8bit):5.242892215049996
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:FpHIFZF+q1wknaZ5KrWLYQV+d/9MRO2KLlvpHSq2PwknaZ5KrWLYQV+d/9MRgPRh:ea1rHUd+YLGvYrHUd+4uFUv
                                                                                                                                                                                                    MD5:77CF3F1ABB99A7C69FC2330495216D20
                                                                                                                                                                                                    SHA1:C305211DC8E28901600EE6E9FB5D172B39C9AA82
                                                                                                                                                                                                    SHA-256:B18D9457103307C95D17CFCF47DD7CD1D1605E8FF164036E4A9D72B9267C4FE4
                                                                                                                                                                                                    SHA-512:FAC643F995255C39C4432C4C17C01412314CD1A436D495AAF399DFB850FBD3464628118D0D739B3325B3A43DF3CA1D2AB97E29963342D88FEB77D26283BE2199
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:2024/03/10-17:31:36.184 1960 Creating DB C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\File System\Origins since it was missing..2024/03/10-17:31:36.202 1960 Reusing MANIFEST C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\File System\Origins/MANIFEST-000001.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\File System\Origins\MANIFEST-000001

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\GPUCache\data_0

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                    Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:MsFl:/F
                                                                                                                                                                                                    MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                    SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                    SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                    SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\GPUCache\data_1

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):270336
                                                                                                                                                                                                    Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                    MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                    SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                    SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                    SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\GPUCache\data_2

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                    Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                    MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                    SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                    SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                    SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\GPUCache\data_3

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                    Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                    MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                    SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                    SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                    SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\GPUCache\index

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):262512
                                                                                                                                                                                                    Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:LsNl:Ls3
                                                                                                                                                                                                    MD5:334A9B42CA0F3506D6A4EB2CFF510D0E
                                                                                                                                                                                                    SHA1:9403A5B5EDCA1B857921DFBCD5851FE69F802AF9
                                                                                                                                                                                                    SHA-256:75DDC5A3E8D1FB4FA2254752E4EA6C5E8FB2A231B6FDCB20163E3E2E246F11E3
                                                                                                                                                                                                    SHA-512:BA747ADF4DAC1AD40E9FB57AB175AEA2D25CD93FCA14BFFFEE88B848190BA88C9490CA39AF1577ABE4F63FB6A197799F312041DE84E00C6EA2EA41E158D62304
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.........................................X.<.q/.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\History

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):155648
                                                                                                                                                                                                    Entropy (8bit):0.568287664376106
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:+HhMF9E6WyejzH+bDoYysX0IxQz9kHtpVJNlYDLjGQLBE3CeE0kEjq:+frhH+bDo3iN092TVJkXBBE3ybV
                                                                                                                                                                                                    MD5:E9FA47D5EA6A41534F8B52128916F2E9
                                                                                                                                                                                                    SHA1:23031E1989F4D7649FF0F4199B08AB3487D69033
                                                                                                                                                                                                    SHA-256:67A0239D7DD9BCDAB64ECC6598A95F75681DA5D200FDDB2C15EF961865B6690E
                                                                                                                                                                                                    SHA-512:3ACFDD453B043FD3BE8DB95E97F4A42AA4402CEAAFB816D12606F811390A6F2876953CDBF2B79676E9D2AC0F54F8E633EE12422D56745202E0FE962A01E72BAA
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000001.dbtmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:MANIFEST-000001.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000003.log

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):33222
                                                                                                                                                                                                    Entropy (8bit):4.693691706394156
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:384:F5HQw8knMYCMymRMo8cXxoAUCtlqSsEgPfYjgz8nQ6Dlb5S9gp:FCw8knMjMyGMCXSTQMdEsBYQGb5S9gp
                                                                                                                                                                                                    MD5:2DEB03B16A72E092D81D9787CECE8B82
                                                                                                                                                                                                    SHA1:D4E270B899FDDBC6EB18C4CAED5D7E620306508A
                                                                                                                                                                                                    SHA-256:005871891DB03FA4012A05645A07B16A8734B091232A414BA0AACB27C8D6CB26
                                                                                                                                                                                                    SHA-512:D77783BAA187F29CE9545C681A716C903798390DFBD0B83AA8E68B9626565DA9CA1769A656A608BF70AF8FE18A1C2173502C233457733D1FAA16DE3B3DC8495E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:. ......................2.......".....................................!..n........................C.......h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..w.a.w.c.......................-M..............................2.......................2..........................v..............................2....l.o.g.s......2........l.i.n.e......2..........2..........2..........2..........2..........2.............l.o.g.s........2...........................2....................2........2....................2........2....................2........2....................2........2....................2........2....................2........2....................2........2....................2........2.......................l.o.g.s..>......................2..........d.....t.i.m.e.s.t.a.m.p......d...........d.........t.i.m.e.s.t.a.m.p......d...........2....................2...........2....................d.........2....................d.........2....................d.........2....................d.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000004.log

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3426
                                                                                                                                                                                                    Entropy (8bit):4.030940638937285
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:6TX3Pe3P8lTSBz//dPDdPPbjlXqGqe9VE/KNKon/jSjOPd4XNbNo4gh5cVYaNlHg:+nPmPhtlPpPs92qCo0A7p8+9TgJAW
                                                                                                                                                                                                    MD5:55FE4807471F29728D639036703D6E2E
                                                                                                                                                                                                    SHA1:1961E293628DCC209CB92E26ABD6807C5AC9597C
                                                                                                                                                                                                    SHA-256:B83C5674E4E1874F9964746173BC699B990324F3AF14F5177DF94A37C8BDB4AD
                                                                                                                                                                                                    SHA-512:8077783F0D2F094A46B3820F23F9A9F7ECF243865DB5BCA6ECE60EA8483A91C1345D61118BC89A1D62BDB0A485A60C300F91AC9D87748A081AECD7040EE2B6FF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:..........................Y.......................2.......................2.............................Q.......h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..f.t.s.-.s.t.o.r.a.g.e......2...........X.V.Q.......h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..f.t.s.-.s.t.o.r.a.g.e.......<..............................2.........2.....................e.k.......................;..-.....................2.......................2.............................S.......h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..j.o.b.s.-.s.t.o.r.a.g.e......2...........Z.X.S.......h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..j.o.b.s.-.s.t.o.r.a.g.e.....}.<..............................2.........2.....................ZSv...........................-....................2.......................2.............................e.......h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..l.r.u.-.m.e.d.i.a.-.s.t.o.r.a.g.e.-.i.d.b......2...........l.j.e.......h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p..

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000005.ldb

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16077
                                                                                                                                                                                                    Entropy (8bit):6.448916313619731
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:JogdLVLbcUArNra+uos+KM3UT7VwjBCbs0Ay3vHWhg8ZKVdrCAJK1/lS38GScE/A:ekLVLQUSaFjY484svy3v2C8uXMtcms8G
                                                                                                                                                                                                    MD5:9392A2EA35E4696C1890D3C805E5D63A
                                                                                                                                                                                                    SHA1:405C53486A926B755095BE8BC57B008A602FA0FE
                                                                                                                                                                                                    SHA-256:0AF1BA4D9BC85F99AEF3CD2DD185D528987C128B7FDBA07244FB2AE0D913945B
                                                                                                                                                                                                    SHA-512:83628E34B616C8760D28A775C8A541F00B8440D5703D2270B51C85725D930748972127AC4E89DEDC67130BB82881BEF12172519BD457D5C57581E2BBFFB95378
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:. ............$...........................................................................................m..........,....................2....$...............D.2...K...........................Y.......2.....&..96/...........?.............G.4.....&\.Q.G........<.G.......&....G......2.G.......&....G..........2.......2<.....%.!7......_.L)....,.J....*.(!.....w.o.r.k.e.r._.w.a.m._.e.v.e.n.t.s...`.M..W.....I.C.....C 2.....a.N...".H...".....b.O...".G...".....c.P...".F...".....d.Q...".E...".....e.R...".D...".....f.S...".C..."..F@..g.T.&.1.B...1.....h.U.......A.......!.$.......i.V.....$.6....". .#....c%..e=.0m.e.t.a...j.W.0...5......!}.k.X...".4..."!}.l.Y...".3..."!}.m.Z...".2..."!}.n.[...".1..."..F9..o.\.&.1.0...1!..p.]..."./...".....q.^..."....."!}.r._..!}.-..=}.....s.`...#."...t ...d.....!k...#.!...#...u.b...#. ...#...v.c...#.....#..F$..w.d.'...........mZ(........x.e....................>=.....y.f.&!6....56..A3.z.g..."....."A3.{.h..."....."A3.|.i..."....."A3.}.j..."....."!x.~.k..."....."J....

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000006.log

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2383
                                                                                                                                                                                                    Entropy (8bit):4.3331083163799775
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:A4G8N6fl5TSUIHtNbHRSL3agQ58OlkIt/6oT3iy8VpkyZVh9B0:L6fldSFtBGaJCOdz
                                                                                                                                                                                                    MD5:EB229A9381A6E623451456E51A9BA8EA
                                                                                                                                                                                                    SHA1:5637BD8C4F732348F56AFDA363FCC0875AF110F5
                                                                                                                                                                                                    SHA-256:04F72B7B0CC6C8EF6268C0F09845BD3F1E0B4F05456C98C0B18C0434757EDDC5
                                                                                                                                                                                                    SHA-512:95740500A0C4D0804811B8990774367C52D52D1D956D2725DE886B9434BDD3498E5746D377DDE4E3D6E376CA557DB11C21F377A0401CAC92BC8A5017352F85A8
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:N.R*..G.................2..................?....................o".action".commit".name".WebcDbOpen".payload"K{"webcDbName":"wawc","webcDbOpenWasSuccess":true,"webcDbOpenNumAttempts":0}{.......2.!&............................................2.!..................2...........2.!..........................?.GH.|..L.....................Q.......h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..w.a.w.c._.d.b._.e.n.c........................j..P.....................?.......h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..s.w.......................w..T.........................?........2..........2.!.......2.!..........................?......2.!..................2.......j.L..Y..........................2.#.....................2.#.......................m....\..........................2....k.e.y.s......2........i.d......2..........2..........2..........2..........2..........2.............k.e.y.s........2.#.........................2.#..................2........2.#..................2........

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000007.ldb

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1421
                                                                                                                                                                                                    Entropy (8bit):5.843098965729076
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:Q+BsNO/mk75IHZG4o9MeDLetcdFDxZwOWWRb3Kf9/o7uIr410NOW0T:hBsNJw5qGxatO1DWWN/7b4WeT
                                                                                                                                                                                                    MD5:90D83098A2DB62C9A6243F757C3510BE
                                                                                                                                                                                                    SHA1:8B367A09CD2442B0E6D20F974854043930A9EF68
                                                                                                                                                                                                    SHA-256:A2AC2DC3A120E04B8C07CFB92D0D4C366E7BF253D5E7CC9E793519332EF595D8
                                                                                                                                                                                                    SHA-512:67288F8DA29C19FC785C4415AA3A787180259E900E63586F1004D95ECFDF1EB088F69978837A04B18B06E34AE1D49F12564627DE4F7D72E57146AEC37246FA5D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:...........@.........=.........8.....5.......0.....-.......(.....%....... ....................................................................5........2...B.&........................< ..........0.......2$..................2$..................2$..................2$........&......!..2$........2..... ....)..2*........6......1..2$........>......9..2$..........v...A.$.............C........)j....../.......D. .X... ..V.Q. ....h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..f..P-.s.t.o.r.a.g.e............l...........ED...............Z.......X.S..... ..j.o.b.sF....2.....n........!=..................l...2..$.....$..j.e...].H..l.r.u.-.m.e.d.i.a>..(.-.i.d.b...2..........................%Y".Z......q..o.f.f.d>......2.....n..................%...X.........q.p.lF....2.....l..................'.%...^..$....\.W...(..s.i.g.n.aN....2...".r.........)R...../.%...F..,....D.?.....s.w...2...*.Z....a;...........7.%...X..4..... w.a.w.c._a,4._.e.n.c.........2.....2.s................?.%...^..<......w.H.k.e.rF

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000008.ldb

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:OpenPGP Public Key
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8046
                                                                                                                                                                                                    Entropy (8bit):6.468432873233568
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:6qF6b/2y6rx461qibtKWhBdFYyYiyBujGNblTICMVk:6+C/2y6V4H4tZbEUqICGk
                                                                                                                                                                                                    MD5:D842EE673D1C89B686EDA090E4CFEBEF
                                                                                                                                                                                                    SHA1:3197768D2C99A8683917B78CDC851BC57B67D8AA
                                                                                                                                                                                                    SHA-256:6303427437F0456B64B101A1952B44CBD1175C446A39A1B3AD17E4A105FAD2E3
                                                                                                                                                                                                    SHA-512:F240A99BC6B03C654AE3DE43EF1A11E4217AE8A6367A8F9C78F4225CA3727DCC9A57BBCFDD81E06BADDF560F89038B93787619AAE15A566E58E0AC39B3C3B478
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:. ............$.....................,.........2...3$...........".........:........................&...........6.....>.........{......v.............(.............................Z.......X.S...[...h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..j.o.b.s.-.s.t.o.r.a.g.e..........2.......u.....................2...l.......j.e.....H..l.r.u.-.m.e.d.i.a>..4.-.i.d.b................................%2i......i..o.f.f.d>......2.....n..................%...X.......V.Q.b....q.p.lF....2.....l................'.%...^..$....\.W..(..s.i.g.n.aN....2...".r................/.%...F..,....D.?.....s.w...2...*.Z....a,.....c......2.....7.+...X..4..... w.a.w.c._a2(._.e.n.c...2...2.l.........)@.....?.%...^..<.....(w.o.r.k.e.rF....2...:.r....)X!_..G.. ...1#...4......9...7.[.......AW$..........a.(.......2...!-..0l.o.g.s..........<...l.i.n.e........!]......................b.)..8.. .......2.......................4.....m.....5......v.6...v.7.....8...V...[...!.....:...4...;..........f..4.l.1.0.n.....g......%..y.y.h.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000009.log

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1975
                                                                                                                                                                                                    Entropy (8bit):4.940962732528583
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:F7yuqmH6Qxwl2ykteUt/T73/dpKWvHc+baMrt7/6G7YAxV++BJ:RVDkhBMrx6DAG+T
                                                                                                                                                                                                    MD5:840F68C90CEC3ADC9AC376B885C7245C
                                                                                                                                                                                                    SHA1:46728F1DD48D34D5825D38616E96C8D83A4B801D
                                                                                                                                                                                                    SHA-256:3EAFDCB3B98498AB56472D5829E4103C8EEA8B9E53B3EDEF595A29FD357E5E8F
                                                                                                                                                                                                    SHA-512:339AE1F5B6F7C950E9F0C15B3EB49C6FA8C1EE2490023E225D0248374E291633CCDF71029238BF676EEAE0BC22330659273A47D123D3B13F1CCCB79C12309A26
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.7................................2....p.p......2............2..........2..........2..........2..........2..........2.............p.p........2."............................2."..................2........2."..................2........2."..................2........2."..................2........2."..................2........2."..................2........2."..................2........2."..................2........2.".....................p.p.+.0..............................2....s.t.i.c.k.e.r.s......2............2..........2..........2..........2..........2..........2.............s.t.i.c.k.e.r.s........2.".......2."............................2."..................2........2."..................2........2."..................2........2."..................2........2."..................2........2."..................2........2."..................2........2."..................2........2.".....................s.t.i.c.k.e.r.s"-..Z....................2..................?....................o".key\K..

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000010.ldb

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1587
                                                                                                                                                                                                    Entropy (8bit):6.146531418943893
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:AHkKcia/XxDBxmYfZUuqOyhTlGnLdLMMmnlW8sJTWSFeuRzawH16p:AHkfiaxmYu6SoR+lW8KPgutDV6p
                                                                                                                                                                                                    MD5:4932C7D336A1B0E8B4C4F52D391E3C26
                                                                                                                                                                                                    SHA1:585DEAF64FB4BF1A9C229F3C52302BD601682914
                                                                                                                                                                                                    SHA-256:A6260E3C2168876904670F7150D8571BA2E2C9EFDF8750813F590353E9C8F378
                                                                                                                                                                                                    SHA-512:AB25BB9E3A625E6847ECDA3168FEB46E09BDB26B1FE67BA63C89A56BC2E036D21291CB8DD003450E66100896FF98F3F14BDECE84B167DC08FF291EF648767468
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:..(.........P.........L.. ....2..........!.V.....&I..........;(...................."..J2......#.z......Z..2V.........L.....$.............................!.!...X..L........2..........W.. .............?.....K2..........J...T........".w.....#%.D......p.r.e.f.s....k.2../...../...../ 2........>..........>..........>..........>..........>..........>..........>........................................$#1......!..". .......f.t.s._.h.m.a.c._.k.e.y.s.......!1..%.....2.!......G!5..!.....>..!.....>..!.....>....5......~>&.!-...}>..!-...|>.........{..%......E.....o.................n....M..m>.......l>.......k>.......j>..I..i>.......h>.......g>..I..f........I..[..1.A.0.C....h.t.t.pE.0w.e.b...w.h.aE.la.p.p...c.o.m._.0.@.1..s.w.Q.R...Y.*.K....w.a.wEy0d.b._.e.n.c.M.]......<...G.........U........$..H............o".action".commit".name".WebcDbOpen".payload"K{"w...N.#.:"wawc",...+<WasSuccess":true...LNumAttempts":0}{........T...$.........................A...p.......\.........Y.......N.........O.. ....2...]..

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000011.ldb

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):9184
                                                                                                                                                                                                    Entropy (8bit):6.5296041518472645
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:0D346nsSELsKaTzG+Vn+N/KWhg8ALzoE6U/kilS6yPw00KmbApwm:0r468Ra3GBN/ZC8ALUE6yuo5uV
                                                                                                                                                                                                    MD5:2B87032B65F2C82E0D976BA0E6463507
                                                                                                                                                                                                    SHA1:7CC92E6B831CC5C303DF0102C2C79069273BF48A
                                                                                                                                                                                                    SHA-256:5819C1B55571C31C8C8ED6DBDFA9EDA784A5CF2418ABB1674D78AE9416249235
                                                                                                                                                                                                    SHA-512:00AC87FB31B7830EC9CE657E0708980F3DE5F2E540E6422FD31AB733AA06B2F28A1FF70D22269569D085A220794BF076CFCC5CDE0085EDDD1D26ED23A2C2ECDE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:. ............$........P.............,.........2...3$....................................&...........6.....>...!.V...."...................#.z...............................7......2............ ......."....l.......j.e.1.q...h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..l.r.u.-.m.e.d.i.a.-.s.t.o.r.a.g.e.-.i.d.b.......................(................%...Z.......X.S.L..$..o.f.f.d.:.............n..................%...X.......V.Q.....q.p.lF....2.....l........AE........'.%...^..$....\.W..(..s.i.g.n.aN....2...".r........A........./.%...F..,....D.?.....s.w...2...*.Z....a,....)......7.%.....X...2..$...4.$...\w.a.w.c._.d.b._.e.n.c...2...2.l................?.%....!..<.....(w.o.r.k.e.rF....2...:.r....)a!h....!.....X.%L........2..........W...............?.....K2..........J...T........".w.....#d...........p.r.e.f.s....... ..... 2........>..........>..........>..........>..........>......!...2.......>&.........>............A...........................$#1......!..". A^....f..._.h.m.aE.A..y

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000012.log

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):4659
                                                                                                                                                                                                    Entropy (8bit):4.239159693406475
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:XHSiM0dvM/lEpXGFp0tkpijQa2m9J4osRiEP:iD0q/l4Ep0api0avSlPP
                                                                                                                                                                                                    MD5:2E61059A4E3D6819868E6426E860A16F
                                                                                                                                                                                                    SHA1:A7B388B6CF9B5FDBEAFDA30B19205991BC53422A
                                                                                                                                                                                                    SHA-256:726A8DF97D7EA007E87D391421277FAE62D5FFCF68ED7B85275E01E45F5CD517
                                                                                                                                                                                                    SHA-512:06E975EB01987317D602F20100AF719EA529E8D4628A799A1A0D75AFB72E3825A272A1899EC899EC2661FFC5811D5B81263F313C423F6D82D0A213B55C860C4C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:...}.........................W.......h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..s.i.g.n.a.l.-.s.t.o.r.a.g.e.....................9i.L......................F......2.,.....................2.,........................:...............................2....i.d.e.n.t.i.t.y.-.s.t.o.r.e......2........i.d.e.n.t.i.f.i.e.r......2..........2..........2..........2..........2..........2.....".......i.d.e.n.t.i.t.y.-.s.t.o.r.e........2.,.........................2.,..................2........2.,..................2........2.,..................2........2.,..................2........2.,..................2........2.,..................2........2.,..................2........2.,..................2........2.,.........&.$.".......i.d.e.n.t.i.t.y.-.s.t.o.r.eQ8.I..............................2..".s.i.g.n.a.l.-.m.e.t.a.-.s.t.o.r.e......2........k.e.y......2..........2..........2..........2..........2..........2.....(.......s.i.g.n.a.l.-.m.e.t.a.-.s.t.o.r.e........2.,............................2.,.........

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000013.ldb

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1444
                                                                                                                                                                                                    Entropy (8bit):6.568448491666601
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:yoNPAtaV0QtOydAnWjV0Bedo2IB69GyHV6G7rXe1jS3vdWVBBmEjpxz:9ACiybjyedsMQy16G7ig1qtjXz
                                                                                                                                                                                                    MD5:4F3258268AECD59902E2C48DFB932F45
                                                                                                                                                                                                    SHA1:636C51ECD5BF22B8AC8A2926DED965C40CD99AB1
                                                                                                                                                                                                    SHA-256:1EBF46D2D9EC8B87E4CF733CDEFFA441C790EB61BFC8E981D8D5F01BFEEEB62B
                                                                                                                                                                                                    SHA-512:F159F1E4559D76574F7A00558B5294962F0A3925A16B5564CE33B563F29F3CA9669FEF508765BE7865D8683351B1BC1CE913C5EA230DF24CA54930A69750F212
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.........2............".....'.......&...........-(....................(...2...&....<..........J.....<.............................".!......|...........s.t.i.c.k.e.r.s.......&.....& 2........>..........>..........>..........>..........>..........2.......>&.........>...................$...................,...p.p..................>........>........>..........>........>..........>........>.................'1......!H.......2............. .........!t$...?......2...........(.2..c.....,.c......(....:#.............:....2..............w...w ........................%......................................=..........!............o".key\K.. .....zH. .+,/..K'8.....y..E.-..|oP....a..1*...M.O.U.*......j.....r......kLiG.....g_..q......Q.$..&...,ni....(.%...9W.>.@."._expirationN.p.b.yB{......K..=...........=h.........J....[.eT....7f..3R=.[..M..(..IF...A..'.....g.?.*...k/.{....7.:l.c.0b~^..U..!.G.C."..lil..P....X.:...5Jg..#N./.....F..|..i.\^>%.g`{.....Ka.U...... ................a....... ....

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000014.ldb

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):9886
                                                                                                                                                                                                    Entropy (8bit):6.654220424852652
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:0zYsbC4yCMdScby4OSkKvtsm+iKWhg8S+FrNPlSXQHYcwMipPk9jQci2:UBbC11ryvHKvaZiZC8/pxOQ4pk9ti2
                                                                                                                                                                                                    MD5:7523E7DAD4A8F816E2E59D4513D69BB8
                                                                                                                                                                                                    SHA1:486D4B54373E95A16FF117B4FB7EDE288DDF30B9
                                                                                                                                                                                                    SHA-256:9C45DBAE62A83D626D004120FE8F96E53273F7BFADDC90834B54C36AFDAD97BB
                                                                                                                                                                                                    SHA-512:147EFFF7290F7743582F0F412E7FD1096C69D9FEAC9B7B82783270360F6562E40B03367D8EC7D0AF97680CCB7C390759C1BAD8E58ACF60290BFCE9FC86532047
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:. ............$........P.............,.........2...3$..............................&...........6.....>...!.V...".....#.z...'.....(...........2...........X..............................%....#.....Z.......X.S.V.X...h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..o.f.f.d.-.s.t.o.r.a.g.e................n..................%...X.......V.Q.K.....q.p.lF...........l................'.%...^..$....\.W..(..s.i.g.n.aN....2...".r................/.%...F..,....D.?.....s.w...2...*.Z....I..........7.%...X..4.....\w.a.w.c._.d.b._.e.n.c...2...2.l.........!...!@..2.....?.+...^..<.....(w.o.r.k.e.rF....2...:.r....)X!_....!.....X.%L........2..........W...............?.....K2..........J...T........".w.....#$.............i.c...s.......&.....& 2........>..........>..........>..........>..........>..........>..........>......E..2........&.......$...................,...p.p..................>........>........>........>........>........>........>............................... ..p.r.e.f%...... ..........>....

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000015.log

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):619
                                                                                                                                                                                                    Entropy (8bit):3.867416073139315
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:P8gDLBlvuHJ3Dlz8gDLBlc9aQEgDLBl5mqcmukZPhn:EgDLjiPYgDLjccdgDLjJcdkZPhn
                                                                                                                                                                                                    MD5:B24FBCCA63551FE1DC7ABAF2444E71D2
                                                                                                                                                                                                    SHA1:F8ADA08149B9A7F8B7CC3D2D33D0DBCC2D09B402
                                                                                                                                                                                                    SHA-256:A852788DC75657FC106CDE9430FF73B1876F8C27CD508C5BFCFCF372128DA045
                                                                                                                                                                                                    SHA-512:6EC3719F2C52896312841DA3AA2C13A4099984938AC5C85A8CCE8BAC656773132BF9F9329E7395464C9724E3E5898D5BDEB8626E98759BFF794B3B8C0B9C36C2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:(|| .........................U.......h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..m.o.d.e.l.-.s.t.o.r.a.g.e..................../O.@.....................2./.....................2./...........................U.......h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..m.o.d.e.l.-.s.t.o.r.a.g.e......2./.........\.Z.U.......h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..m.o.d.e.l.-.s.t.o.r.a.g.e...aY..<..............................2./.......2./...................$..C..........................'....................2.................2..>..;>....................2.................2.........................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000016.ldb

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:PGP symmetric key encrypted data - Plaintext or unencrypted data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2690
                                                                                                                                                                                                    Entropy (8bit):6.126308611646002
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:tCmHeOdHZtt/mn5K8mvCrn6sVkZDYRbLn50T0sGBg5t0k3U8950Xh+EOZtcel2lk:tn+yvtenMc6sKYRez8mdxZG2f
                                                                                                                                                                                                    MD5:A7F776E36B748271AD5FF999FD26EE7E
                                                                                                                                                                                                    SHA1:0F08211B7F7B337C347CCF2553008C37DE4BB040
                                                                                                                                                                                                    SHA-256:EBD230DA134A86A979A3E2D82DE1A3B8DB938588ED649022BF308EB510C13378
                                                                                                                                                                                                    SHA-512:6D791C1536DD1D88664FD03A4D4718523D2A8FF302606F17E9B1347052B5F08256FB215FEDDE95C135C6C7C636B0D1DF8DDF476345E42D140B7DCFD6E79C901C
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:. (.............(.....2...........,..........%........!..........F...................................,.!.......X0...d.........B..........B..........B..................`,2.......(.......&.$......s.e.n.d.e.r.k.e.y.-.s.t.o.r.e.............N.........K.........~>........A.2.5....}>&........|>.........{>.........z>.........y>.........x.........$.........m..5...%....lB..!....kB..!....jB..!....i..5...)..$..c....". ......b.a%..KJ.....b.01r..!....a>..!....`>........._>....F.....^>&.!....]>..!....\>..!....[>..!....Z..=.....0..O......,%.@..s.i.g.n.e.d.-.pA.R.....N.<1...!....M>..!....L>..!....K>..A....J>..!....I>..!....H>..!....G>..!....F..=.....$..;..].a..s%..o.n...F.....:.?1...!....9>..!....8>..!....7>..!....6>..!....5>..!....4>..!....3>..!....2..=....."..'.... ..E...j.....&...........%>.......$>.......#>.......">.......!>....F..... >&.!.....>..!.......=.....,.......*.(%...E.a(0a.l.-.m.e.t.a.$.........81...!.....>..!.....>..!.....>..!.....>..!.....>..A.....>..!.....>..!.......=.....&......$."%..

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000017.ldb

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:OpenPGP Public Key
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):12033
                                                                                                                                                                                                    Entropy (8bit):6.620615318852127
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:we6zEIWlb4sStYsK9rW5zYHOSVLrrhpihL+g4UMkmpjoVi1Vl69+UFto+gR0QL6H:L6zgS1PUrWJ+OSVXt8yvUboaCZU/Tgaf
                                                                                                                                                                                                    MD5:7C224706A813D90DBB6B8AA95BC8FCB4
                                                                                                                                                                                                    SHA1:B578DAFD948C5C72D523A90BD6021D66CCBCBE56
                                                                                                                                                                                                    SHA-256:A212CB52CD646A74C0BEDF2A6E184134DBF83EB6AF7DF4334FFDE76BE1B4A75F
                                                                                                                                                                                                    SHA-512:B97CFC992E92B7D29865FBE8FBC9D49ACD35D88222E010E335EBAFA7EA8830970D10856B9484BF7DF8B9539B302E97C212D0DA7C1BF88C10718C19FC111514A9
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:. ............$......................,.........2...3$........................&...........6.....>...!.V...".....#.z...'.....(.....,...........2..........'X..............................%....I....X.......V.Q.V.R...h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..q.p.l.-.s.t.o.r.a.g.e...........l................'.%...^..$....\.W.....(..s.i.g.n.aN....2...".r................/.%...F..,....D.?.....s.w...2...*.Z....)..........7.%...X..4.....\w.a.w.c._.d.b._.e.n.c...2...2.l................?.%...^..<.....(w.o.r.k.e.rF....2...:.r....)R!Y....!..2.!.....X.+L........2..........W............L..?.....K2...i......J...T........".w.....#$..........ec.i.c...s.......&.....& 2........>..........>..........>..........>..........>..........>..........>...................$...................,...p.p...............Af..2.56....>&.......>........>........>........>........>........>............................. ..p.r.e.f%...... ....!.....>........>........>........>........>........>....F......>&...........a

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000018.log

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):115
                                                                                                                                                                                                    Entropy (8bit):3.003378898733327
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Q//tl/lfXn+MllSXk+XW4SjXllx1ltXn5/R+FXn5/RRgml1g:Q//teMllkkoKjXlh+Rgmlq
                                                                                                                                                                                                    MD5:CF487E043817B1D58B1A21E929D20A0C
                                                                                                                                                                                                    SHA1:44F92F7E5B3206E7611FD8EBC560DDEE26FF804A
                                                                                                                                                                                                    SHA-256:E4F4AD5F11DE0792F91399D38737F4B006CD2657825AC22A16B37402B1248D2F
                                                                                                                                                                                                    SHA-512:8363E92D387E2A64968D3482C74DDC7D34A7463F0950A3BDF6174BC69EF59660D1511C8A6758601FC8981CBDA1D3DEF878C14D886A41212B9EB185D10CE6C536
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:....'....................2.................2..2..>....................2.................2.........................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000019.ldb

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):522
                                                                                                                                                                                                    Entropy (8bit):5.201666711396022
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:KSCYfNKB+XIX9GDLBlm4r8sq9X8YW5/A4YuF:KOfVEGDLjm4wMys
                                                                                                                                                                                                    MD5:16640E8FB08F9E6BAE8E399BC4E46A44
                                                                                                                                                                                                    SHA1:FE845B6A258161A60C722C74BFD9A21A11CC8DAA
                                                                                                                                                                                                    SHA-256:8795861EEA65AB96806C4E810C8601DAAA92E2133FEDFDFB921DD29240249CEB
                                                                                                                                                                                                    SHA-512:8FB249EA92ADEE3912D9583A18D582764A71CB13333B2381286D6D14D11F172532E050E3A517CFCEF153424452AA848C25AFF6AA88CB95194C12989A140C13DF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:..(................................$.....2........../...................I.........._.....$............................./.!...............\........Z.U.[.[...h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..m.o.d.e.l.-.s.t.o.r.a.g.e.................pD.................Y.{.F{.....l.U......$.....................!...................0..............'....Z...m.........A.....t............bL..".filter.leveldb.BuiltinBloomFilter2..!...........\..............................y....0.....................................W...$uG.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000020.ldb

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):12088
                                                                                                                                                                                                    Entropy (8bit):6.613049220839744
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:MBjU+5lGq3Vja7U6JTIeJ8svaM2bvEwWmParhrgwBg4UMkmpjoVi1Vl69+UFtoPh:cjU+5JYPMeJ8qaM2bc8atUqvUboaCZUC
                                                                                                                                                                                                    MD5:0FCA0AFF41ABDC43B8E03C6DCE98F2E6
                                                                                                                                                                                                    SHA1:1AE2FECBDB30FED008C6BDF48B63AA31C560520D
                                                                                                                                                                                                    SHA-256:2D76E57AC3B78662BA08537F57C07A83FD4EC40F0D9A6CB2872A9C72F82EE84A
                                                                                                                                                                                                    SHA-512:5EE5BB27D007593965CF60E9D2812D185DF7B72F98297F7799759D045F18117C3D9E2AD8D5EEE6D73D5ED5C3AD3B1BC80AB513284D9D1915F3437C61EAF7EBB3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:. ............$......................,.........2...3(............"......&...........6.....>...!.V...".....#.z...'.....(.....,......../...........2..........3X............................'.%....I....^..$....\.W.V.X...h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..s.i.g.n.a.l.-.s.t.o.r.a.g.e.........".r................/.%...F..,....D.?........s.w...2...*.Z....)@.........7.%...X..4....V.Q..d..w.a.w.c._.d.b._.e.n.c...2...2.l................?.%...^..<.....,w.o.r.k.e.r.B....2...:.r....)R!Y....!.....X.%L........2..........W...........m...?.....K2..q...?...!..2..c...J.,.c........".......#D...........s.t.i.c...s.......&.....& 2........>..........>..........>..........>..........>..........>..........>...................$...................,...p.p..................>........>........>......A...2.5{....>&.......>........>........>............................. ..p.r.e.f%...... ..........>........>........>..!.....>........>........>........>............a.............1........$i&.#q......'..

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000021.log

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):115
                                                                                                                                                                                                    Entropy (8bit):3.0347670767719075
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:hWX/lfXn5zXk5j9Q/x1ltXn4AjFXn4AQgHhOAn:hW/k5jWMA2AQgBOA
                                                                                                                                                                                                    MD5:CFB281C2C25EEBB0903CB6BA3F5EB3B7
                                                                                                                                                                                                    SHA1:5967ED4B63508006E079CF18AC95BAFB1F42FFDF
                                                                                                                                                                                                    SHA-256:984B712F4016883E3AAA086588D76E92C68807EFFD12BD9ADE6E260100855581
                                                                                                                                                                                                    SHA-512:E7F4DE130C4A55FFF169020DF61D4C069F9A9CAFD37E39C2ABB8A58706B2DCDFE180659C3C19509C003C05C15FE4676C85207A64BB22982D39E2A3D30A767E6F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.vm.'....................2.................2..S...>....................2.................2.........................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000022.ldb

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):251
                                                                                                                                                                                                    Entropy (8bit):4.457370184712067
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:UlDHpbVxogQl94K/Ml3gLJnUIR8/AXqiM4zlYfH:UTHo7l2Kkl3gG5/AhM4zlEH
                                                                                                                                                                                                    MD5:A85C903871EC3E5D9152370DC2F431AF
                                                                                                                                                                                                    SHA1:553A8815386C356522A6AA84AF36C4E9C38DEC27
                                                                                                                                                                                                    SHA-256:834BCF1924A073C5F59757CBDE18B5B86F1504A26B2A3D9646795D86426AAD19
                                                                                                                                                                                                    SHA-512:AC42630E90CA8628B6A1AA139F7A0775F128F5375BB590FC7D96F96CD736967B175B305F161A12AD25663DD18B806E0B2B3337E22E44BBA4C5B10311446581CE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:l.......2.................................................. ...........L......................Q9.I.....*.................".filter.leveldb.BuiltinBloomFilter2a............L.................\...........<.x/......................................W...$uG.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000023.ldb

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:OpenPGP Public Key
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):12033
                                                                                                                                                                                                    Entropy (8bit):6.622681309184873
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:slDsufC7e7+d3ABXw9UX+R7Bi+wc4zYmXYM3xoaLWKNmUvkLpjkcflzybpCxDAgG:QsufC7Dd3ykR7BUc43RGa6KoU8FTlNWH
                                                                                                                                                                                                    MD5:9BF604294C422578832A9D8810373CDC
                                                                                                                                                                                                    SHA1:1E573ACE25EBE1CD86B5AC091400DFE48AD3CCBF
                                                                                                                                                                                                    SHA-256:B9A3314D2F2DCF18B2F5C13F21B5B2B404066F45D63BDF5384F6B7397296D11E
                                                                                                                                                                                                    SHA-512:394B31844DD1CB493BE44C6851E4D336E3AD84A3CBEA849FC98A370CD2C2004B3875DF1B4D0CFA43BC7C2E277DD57F0270EDA61253008D432A19C3CA45D67CA7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:. ............$......................,.........2...3(.........&.."............6.....>...!.V...".....#.z...'.....(.....,......../................"..0....................2........../.+....J....F..,....D.?.7.@...h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..s.w.........*.Z..................7.%...X..4....V.Q.....h..w.a.w.c._.d.b._.e.n.c........2.l................?.%...^..<....\.W..H..w.o.r.k.e.r.-.s.t...a.g.e...2...:.r....)R!Y....!.....X.%L........2..........W...........M...?.....K2..q.......J...T........".w.....#$.............i.c...s.......&.....& 2........>......!...2..c....>&.........>..........>..........>..........>..........>...................$...................,...p.p..................>..........>........>........>........>........>........>......a.........&................... ..p.r.e.f%...... ..........>........>........>........>........>........>........>............a.....3.......1........$#q......!..". .M....f.<._.h.m.a..a..y%......0!...!r!.....>..!.....>....u-......>

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000024.log

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):115
                                                                                                                                                                                                    Entropy (8bit):3.034767076771908
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:3Nlltl/lfXn4slAXk4+Siallx1ltXn7S9FXn7Sqgrleg:33ltYslyk+ialogx/
                                                                                                                                                                                                    MD5:D271B625E4E23917E6D3ED85BD8C7FB4
                                                                                                                                                                                                    SHA1:E9263839019F601FF43537B5BBBAEB7A25534B5C
                                                                                                                                                                                                    SHA-256:25860E438F33FB1344CB357C601DD5CD70FFACC7675313B82F9D632FB0B02909
                                                                                                                                                                                                    SHA-512:7142132E91D1F1AF8CCBD137060082B00F93827D1472E1246B73016ED5A0B9098B0D0A64125B52E5089006EB08EE1DD5D59852D14FE06A10C7186F75A4239211
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.}_.'....................2.................2...w.0>....................2.................2.........................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000025.ldb

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):249
                                                                                                                                                                                                    Entropy (8bit):4.397253347357832
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:UlDBkv3SlLHMWgvl/11almMLJnUIR8/AXsEflFlal/qKXQ:Uzk6lLH4/jalmMG5/AcENFlu/qZ
                                                                                                                                                                                                    MD5:687AA21DFF855CF34273447B09FBF144
                                                                                                                                                                                                    SHA1:9BC863F8184D83249A9DD1CE994431154F803465
                                                                                                                                                                                                    SHA-256:EB7D7DB5C5334860B42469DFFFA24C265F86F7A7D482F1B4BEAE7FF74C742DFB
                                                                                                                                                                                                    SHA-512:FE9713E7E45B21529509078E719E2368AF637E7EAD7569DF2D675365D77D6CE7F0D9F4AF1AEA5275650F946F00762660B9D51B9A7C008C8F540E0C0C5AFB7BE0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:l.......2................................................ ...........L......................M3F......"...............J.".filter.leveldb.BuiltinBloomFilter2_.............\.................Z..........2..v/......................................W...$uG.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000026.ldb

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):11862
                                                                                                                                                                                                    Entropy (8bit):6.616422972933002
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:VouzFWI4RKtFuZ11qEdZ8sV4Z5i5Yw1pLW7aUaUGi3kjoHUVow9VDGIyYAr2jQGE:CuzFWzRK7nq8qY5Dwb6HaUj0xiyhjFid
                                                                                                                                                                                                    MD5:5068A8B51309FF52838942C3F861B831
                                                                                                                                                                                                    SHA1:5160FFB5CA9A7F8DC3A951D0929CC619B24F0535
                                                                                                                                                                                                    SHA-256:49181AA536C0305C48EAABE4E7EB612C94E1FED8C27D45C639E2D1F9F839F0A9
                                                                                                                                                                                                    SHA-512:908B83C2C8AB1F4287B70282040C06F40878712E1D6D454BC340F8A9E20951B5989FA74E85452B5078B7086401DC9746ACEE925D45964374876744CC52D726FC
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:. ............$......................,.........2...3(............"......6.....>...!.V...".....#.z...'.....(.....,......../................*..X............................7.%....D....X...2..$...4.$..V.Q...R...h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..w.a.w.c._.d.b._.e.n.c.........2.l................?.%.....^..<....\.W.....H..w.o.r.k.e.r.-.s.t...a.g.e...2...:.r....)a!h....!.....X.%L........2..........W...........MR..?.....K2..Qo......J...T........".w.....#$.............i.c...s.......&.....& 2........>..........>..........>..........>..........>......!...2.......>&.........>...................$...................,...p.p..................>........>........>........>........>..........>........>............................. ..p.r.e.f%...... ..........>....F......>&.......>........>........>........>........>............a.$............1........$#q......!..". .M....f..._.h.m.a..a..y%-.....0!-..A.!-....>..I...>..!.....>..!.....>..!....~>..!....}>....5......|>&.I,.{..%....a........o

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000027.log

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):115
                                                                                                                                                                                                    Entropy (8bit):3.0347670767719075
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:KCiX/lfXn7MloXk75Ublkh/x1ltXn6/R+FXn6/RRgggh:KCiWck75CcO/3/Pg/h
                                                                                                                                                                                                    MD5:CAA63966F0F1FE14C5CEB9CAB5436659
                                                                                                                                                                                                    SHA1:72EADA912529E8F3E8A8277ED5352789396345B8
                                                                                                                                                                                                    SHA-256:A516323E4750A8D4AFF3C2264566B4963E5FDF0A4321033F6F0A9A7C6BFB08EF
                                                                                                                                                                                                    SHA-512:F8ED35D9D42D33989B722FBBD2B481D08680FDC9196AD0C62FC59147B2EA93B41B3C3D23068308E0633DE218BDEAF9F88DBE2C725F1679D47CE05B5085E5E6C8
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:*..z'....................2.................2....$.>....................2.................2.........................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000028.ldb

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):249
                                                                                                                                                                                                    Entropy (8bit):4.4931094850738
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:UlDBNdgrsPsjhRl9ZGvDgijLJnUIR8/AXsEflTl/lSTw6d:UvNdgrlHlj4DgQG5/AcENTZlSTw6d
                                                                                                                                                                                                    MD5:9B0D08E4F411FF0954B346B41F79F8AB
                                                                                                                                                                                                    SHA1:A95C2B71EC9BC667349D793775E2A689758EF381
                                                                                                                                                                                                    SHA-256:A9F8DDF0C131A8B5F76F6A00B37810F006E854CE9CB05AD79796E211F594D508
                                                                                                                                                                                                    SHA-512:31D012AD6E9B19B28D06226A3B71365E53ADA1A7B35DD06FA8F8E267EA1A2DBD3B1CC03999D646E830B6BF752337F9022633F8D10EC4DF11CEA37953DA892179
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:l.......2................................................ ...........L.....................s...^.9.".$.............,.'.".filter.leveldb.BuiltinBloomFilter2_.............\.................Z...........[^v/......................................W...$uG.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000029.ldb

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):11819
                                                                                                                                                                                                    Entropy (8bit):6.604289020240758
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:NSVDQSnCutebk4uUYix13H3LLWhXzSe5zBemkXe4oRwxdYrZykqpsZj1qLKw0R0g:EV3eb1uIx133L6RSe50VJOYsZj8LKwaX
                                                                                                                                                                                                    MD5:0EC76358D9A40A74729EFC9BD0AB5955
                                                                                                                                                                                                    SHA1:28325FF92FD4A2444E47D56C2B30779F2D9A94DB
                                                                                                                                                                                                    SHA-256:2521AB64BBA5EA982B52C0D7A1389A401079AF9EE15AD0BEC645714F2D00AC41
                                                                                                                                                                                                    SHA-512:083CE02A8E316E467345FBD3E5C82A7244F87F91F84CEF50F1C6ADAF6037CE32F3A29410DCD5FA468002B46546986FCF94AC5C7BCB07E82868E66C1CCA183D0F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:. ............$......................,.........2...3(.........6.."......>...!.V...".....#.z...'.....(.....,......../...........{....2..X............................?.%....D....^..<....\.W...a...h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..w.o.r.k.e.r.-.s.t.o.r.a.g.e..........2.........:.y............!.....X.%L........2..........W...........-...?.....K2..1.......J...T........".w.....#D...........s.t.i.c...s.......&.....& 2........>..........>..........>..........>..........>..........>..........>...................$.......................!...AP..2.5......)..........>........>........>........>........>........>........>............................. ..p.r.e.f%...... ..........>........>........>........>........>....F......>&.......>..........................1........$#q......!..". .T....f..(_.h.m.a.c._e..y%-.....0!-..A9!-....>..!-....>..!-....>..!-....>..!-...~>..I..}>..!....|>..I..{..%....a........o.................n.......5.5D...m>&......l>.......k>.......j>.......i>.......h>.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000030.log

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):5419
                                                                                                                                                                                                    Entropy (8bit):4.32254652526228
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:35djDyqZQTHhkRMQJIevmlBlcldoqf2KeAtNw:HjuhktJIplBlUdoqn1Nw
                                                                                                                                                                                                    MD5:736FF323F24F5CB5B4BA16FD65AF6BFF
                                                                                                                                                                                                    SHA1:0E0021DFAD219ADE3AC07093B4BD1CB8EF5C0DF2
                                                                                                                                                                                                    SHA-256:82BC3F37247A534518A4120CEDBD1E725274EA262AACC2E041582863E20DA7A4
                                                                                                                                                                                                    SHA-512:54A8F0C29742CF6062D604A996C0BE8B7C049E2278F752C6C1667137CAAE239D3693A741EB074866688952C9012D2E7C51107C4ECBAE534BC258BD097D087E74
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:5...8....................2.................7@....................o".lineI.".log"ZXS#- 2024-03-10 17:31:41.482:[warn][service-worker] l10n should not be included in worker!".timestampN...J..xB".countI.{.......2.1&............................................2.1..................2...........2.1.........................7@,...............................7@............J..xB........7@.........7@..... .......7@........7@.........7@......2.1.........................7@......2.1......................J..xB........7@......2.1................. .......7@........7@`#.......................2.................8@....................o".lineI0".log"GXS#- 2024-03-10 17:31:41.490:[log][service-worker] sw version: 2.2410.1".timestampN. .J..xB".countI0{.......2.1..................2...........2.1.........................8@G.].............................8@.......... .J..xB........8@.........8@..... .......8@........8@.........8@......2.1.........................8@......2.1.................... .J..xB........8@...

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000031.ldb

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):249
                                                                                                                                                                                                    Entropy (8bit):4.415169061091637
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:UlDGWvQ7Kgal/12geGsljMLJnUIR8/AXsEfl52gl/q/4:UIWvB/cIG5/AcENv/q/4
                                                                                                                                                                                                    MD5:5F175C78B794649D321F9BB0A27F4E1D
                                                                                                                                                                                                    SHA1:7BA60F98BB9BD8C3025642FB522DEDEB4969A3FE
                                                                                                                                                                                                    SHA-256:452BF680622FAB2FA810665C47CA66F8310F39CB6F93D061BA682D652F831E23
                                                                                                                                                                                                    SHA-512:53864F07BA106ED061F4CAF5415BB89E7F14565110E3A97990362D3176DE852390AE3E1B685EC2F6C48CE793C33FD87DBD1FFC906815E12225839F62A843204D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:l.......2................................................ ...........L.....................S....EEt1...............Q...".filter.leveldb.BuiltinBloomFilter2_.............\.................Z............v/......................................W...$uG.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000032.ldb

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):11602
                                                                                                                                                                                                    Entropy (8bit):6.605951293804881
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:bXhlrOVjSKepDbj+KrfkD15YMsstLWhoD6Sck+AAhhmhDfey9T/OGqHnhcM4eRa3:Vgpibj+KbkHYM16KOSHfZFaDHnaMnRa3
                                                                                                                                                                                                    MD5:1B5D47D2B9FCC8D508C183DAA3406654
                                                                                                                                                                                                    SHA1:30A71750B310B20353E02077000CFD627EEED318
                                                                                                                                                                                                    SHA-256:B225C4C480DCDBCB299A81D4449A7CF20B1C61E3EDA1532A7AD15BEC97B6979B
                                                                                                                                                                                                    SHA-512:1E7CFCCD8183B027E37CC8843AFF96C2E08F3552B449D2B9C2BF3E87A7D83CFF5AE0E9FD1B0968F2B337B5A7531308BA57E752FB701BF407EEF01B97D0B8A068
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:. ............$......................,.........2...3(.........>.."....!.V...".....#.z...'.....(.....,...v..../...........o....:..X...................!........X.%L........2..........W...............?.....K2......?......2..c...J.,.c........".......#|...........s.t.i.c.k.e.r.s.......&.....& 2........>..........>..........>..........>..........>..........>..........>...................$...................,...p.p..................>........>........>.......).5{....>&.......>........>........>............................. ..p.r.e.f%...... ..........>........>........>..!.....>........>........>........>..............-..........1........$)..#q......'l.". .......f.t.s._.h.m.a.c._e..y%$.....0!$....Q#..>..!$....>..!$....>..!$....>..!$...~>..!$...}>..!$...|>..I..{..%....a........o.................n....M..m>.......l>.......k>.......j>....u(5....i>&......h>.......g>..I!.f........I!.[..1.A!....'Q......!..!..............:....2..............T....(.w..:#....w.....w..:w...2..:w......w...w..,.w......(....

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000033.log

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:Dyalog APL DFS component file 64-bit level 1 journaled checksummed version 15.-1
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):103301
                                                                                                                                                                                                    Entropy (8bit):4.54451451009375
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:94SK0153v5yCTnIf6yME+RcvS5/Um/cUeGfTBhIX1Yn:9tf5Af6yME+RcvS5/Um0Ue48X1Yn
                                                                                                                                                                                                    MD5:9C79952D2908FEE39615A322AE98047A
                                                                                                                                                                                                    SHA1:ABE586709DCD1470EA673EA89536F27543D173D6
                                                                                                                                                                                                    SHA-256:F849465DC077C5A3343CFBB7E76BA1BCCC2499789CAAC3E0BC4FC4FB175F4862
                                                                                                                                                                                                    SHA-512:CBFAF34D334F26B7525B6DC9E17190B6D21BFB8AABD76FB8A79B6DE0EA13ADA99EDF51DACCA0635C24C85225543ADF4E6D3116055D3470420D51D251533AB67E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:....'....................2./...............2./.........................2.1...............2.1...............2.1...............2.1...............2.1...............2.1...............2.1...............2.1...............2.1...............2.1...............2.1...............2.1...............2.1...............2.1...............2.1...............2.1...............2.1...............2.1...............2.1...............2.1...............2.1...............2.1...............2.1...............2.1...............2.1...............2.1..|..........................U.......h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..m.o.d.e.l.-.s.t.o.r.a.g.e.....................}'.M..............................2.2.....................2.2........................k...............................2..".p.e.n.d.i.n.g.-.m.u.t.a.t.i.o.n.s......2........i.d......2..........2..........2..........2..........2..........2.....(.......p.e.n.d.i.n.g.-.m.u.t.a.t.i.o.n.s........2.2.........................2.2..................2.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000034.ldb

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2801
                                                                                                                                                                                                    Entropy (8bit):6.265495333540429
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:S7pmTKFoICra3OsdfaOfaOfl8tfaOY+UavVxXo8LzlV1Rk/WZGj3BE/CZReiVTa3:S7pNFokeOPyOatyOhUedo0zlfaOZ63Bo
                                                                                                                                                                                                    MD5:E837FD348A13E155F307075DAE90B24E
                                                                                                                                                                                                    SHA1:90D5FF8B2F06F945F868FEEC3044D8E50C12F60B
                                                                                                                                                                                                    SHA-256:F14D47F82500C0B02E01E7D466D4C48C661816F3F0644FE1BBEE729A5604E9EC
                                                                                                                                                                                                    SHA-512:B5B60618B4C4058A26BD73987176B01D00E7A5428900015B9827BD4D6AC6E99B8A8B717CAF06D81981204960A1C37C449F6526467261BE3173C288C38F6C0122
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:. .......2............!.....".-....#.....'.2...(.7...,.....1...H...&...........Q(............................<....!....................................".9...................z.2..'...................................................................................................F..... ........!.....".....#.....$.....%.....&.....'.....(.....).....*.....+.....,......#1.....)...................3.......................................%...........................................................F.....................'1#......E../.....0.....1......(.9.3...9.4.....5.....6......,.9...8........9.....:.....;.....<.....=.....W...>........?.....@.....A.....B.....C.....D.....E.....F.....G.....H.....I.....J.....K.....L.....M..F.....N........O.....P.....Q.....R.....S.....T.....U.....V.....W.....X.....Y.....Z.....[.....\.....]..F.....^........_.....`.....a.....b.....c.....d.....e.....f.....g.....h.....i.....j.....k.....l.....m......Um...n........o.....p.....q.....r.....s.....t.....u.....v.....w.....x...

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000035.ldb

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):10589
                                                                                                                                                                                                    Entropy (8bit):6.648636509194025
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:2RVBf+AQVmGswtEg4UMkmpjoVMshYjRRlSWCgR9+CJ1DDLj39K90tDtNiqC:ivFQVH3KvUboaHhYvt3N/j39K9IDtNm
                                                                                                                                                                                                    MD5:8F0AD336D0CE0980A0F759856810F024
                                                                                                                                                                                                    SHA1:DEB67DE64D35728FDE0054332BE4FB1DE0A20C90
                                                                                                                                                                                                    SHA-256:18BE20E248F837652C0C1682F71230F873CC8E9269D5D65FFF185D864B463180
                                                                                                                                                                                                    SHA-512:9F40457D9516D7E8B67CA93A392E7CFA38BA4A0D4EBA036C1493FD1CD12E45B50331B7B5F82DDF90A4BE505E21E9780246BAA986EF24282C59665ECB08F2107E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.!............$......................,.........2...3$......./........1........./.'.......X...................1..........%....... .w.;@..........2'.$.....J..xB.'.......'.........D.....2.....;@........L........2.............:...:...:......2'.......2...'......'6........2.....:@...!..2.59.....,2............:...9...9......2'.......2...'......'6........2.............2............:...8...8......2'..... .2...'......'6........2.............2............:...7...7......2'.......2...'......'6........2.............2....._ee.y...h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..s.i.g.n.a.l.-.s.t.o.r.a.g.e.........:....s.w.Q.......:....w.a.w.c......:......<._.d.b._.e.n.c.M.8.....9...7..Y.......... ........... ....2......4.l.o.g.s........<....l.i.n.e.....e..T......d...............b.).. .. .........................4.....m.........5.....\...6...v.7.....8...\...[...!.v.:...4...;..........f..4.l.1.0.n.....g.. ....k.e.y...h...y.i.....j...y.......l.......m............(.u.s.e.r............6...............

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\CURRENT (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:MANIFEST-000001.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\LOG

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):11305
                                                                                                                                                                                                    Entropy (8bit):4.911947155711213
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:eoJw0ihE3LlqRiCYgab7ptq118Sgt+tFiWjsId:exPg4riE
                                                                                                                                                                                                    MD5:E00CCF5F4499284897EC032410BEF1EB
                                                                                                                                                                                                    SHA1:970F593AED000DA22856784130A681B656A17465
                                                                                                                                                                                                    SHA-256:0721F12066728CBF7252BCA4F3C170F128235506637241A0F2A203D83ECC297F
                                                                                                                                                                                                    SHA-512:3E861A37D0E553C1F274D5AB50324029ABD9BB8B5BC283B2520EACAAA4C5307330F799ED1F20F564558059482A431C5ADB0CCF945FAC494AF64FADEEBE05C768
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:2024/03/10-17:31:35.097 1960 Creating DB C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb since it was missing..2024/03/10-17:31:35.140 1960 Reusing MANIFEST C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb/MANIFEST-000001.2024/03/10-17:31:41.667 1994 Level-0 table #5: started.2024/03/10-17:31:41.691 1994 Level-0 table #5: 16077 bytes OK.2024/03/10-17:31:41.692 1994 Delete type=0 #3.2024/03/10-17:31:41.693 1960 Manual compaction at level-0 from '\x00\x02\x00\x00\x00' @ 72057594037927935 : 1 .. '\x00\x03\x00\x00\x00' @ 0 : 0; will stop at (end).2024/03/10-17:31:41.709 19e8 Level-0 table #7: started.2024/03/10-17:31:41.784 19e8 Level-0 table #7: 1421 bytes OK.2024/03/10-17:31:41.788 19e8 Delete type=0 #4.2024/03/10-17:31:41.910 19fc Manual compaction at level-0 from '\x00\x03\x00\x00\x00' @ 72057594037927935 : 1 .. '\x00\x04\x00\x00

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\MANIFEST-000001

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1524
                                                                                                                                                                                                    Entropy (8bit):4.4401905858945545
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:ZOF6LwCXCzcm/BQ4m/Bdm/B6hVDdi4DgrBmDfBJ3dyDjoq5bhQDyE5jedDiGXbgc:ZOIwFsSIVD04DgrBmDfBJ3dyD55KDyk0
                                                                                                                                                                                                    MD5:9542CCCDBF34ABDB2CFF9400F892A419
                                                                                                                                                                                                    SHA1:EA2C3E99F640770FA3DEE83A3D49C22323F94CC8
                                                                                                                                                                                                    SHA-256:4D78DE5459C9B536F37A66076CFD4299125469708ED331B921971674010FBE7C
                                                                                                                                                                                                    SHA-512:B5D60F9BAA0A3F93E5968D276DF67B9FA7B12330E826069B814CCB6D13B85F48872C54A6456EF4E2A772FACFD4B738309B501F257C71C201CE99EA6E9DA50F3E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:........idb_cmp1......Y.F*...............}................................*.......................@.............F......U.).@....................F................>.............................Z.5.......................P..............p.r.e.f.s.........P.IV.....................p.r.e.f.s..................G......................p.r.e.f.s........-.-.=.....................2..................s.t.i.c.k.e.r.s............b.....................s.t.i.c.k.e.r.s..................M......................s.t.i.c.k.e.r.s.........kj.Q..............................4.......s.i.g.n.e.d.-.p.r.e.k.e.y.-.s.t.o.r.e.E......Y%<...............4.......s.i.g.n.e.d.-.p.r.e.k.e.y.-.s.t.o.r.e.E................^..............4.......s.i.g.n.e.d.-.p.r.e.k.e.y.-.s.t.o.r.e.E........P*............................................z..@.....................................^............................N@..,.....................2..........................@.....................................^...............................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Local Storage\leveldb\000001.dbtmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:MANIFEST-000001.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Local Storage\leveldb\000003.log

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):156
                                                                                                                                                                                                    Entropy (8bit):5.303922389167117
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:KTBll/4iM30kUk6iPWRGWWi1CO5Nm3VWf5GWWi+/efjZo3O5GWWi+gZ:KTp/4umvPWQRi1CmVYRiWefjZo3OYRiz
                                                                                                                                                                                                    MD5:EE836C23A8337B75C40BEAF5C4CC494C
                                                                                                                                                                                                    SHA1:DB78183AE6DDE2DA42EE9DCB34AA9CDE7FD3213C
                                                                                                                                                                                                    SHA-256:DE3A2BAB2DB5446B3E52B2A7FB5A2901B874D08EAEA85071A92D89F99EA934BB
                                                                                                                                                                                                    SHA-512:4593762CCFDFC1B9795BF27D057A12A9A53600AADE4C484B6AB7DF86124AA8741958A73AC9154AE6460461AC680D034F93B7194C89E0D018089D429EB612507A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:...................VERSION.1..META:https://web.whatsapp.com..........(_https://web.whatsapp.com..dexie_version..3.2.2. _https://web.whatsapp.com..INCOG

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Local Storage\leveldb\CURRENT (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:MANIFEST-000001.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Local Storage\leveldb\LOG

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):357
                                                                                                                                                                                                    Entropy (8bit):5.287634947429567
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:Fr5TzL+q2PwknaZ5KrWLYQV+d1a2jMGIFUt88r3Wf1Zmw+8r3Z891LVkwOwknaZO:Z9n+vYrHUd1EFUt8e3Wf1/+e36V5JrHw
                                                                                                                                                                                                    MD5:3EF5D4BE00CF87A3C72EC40F037243EF
                                                                                                                                                                                                    SHA1:5D038B3104E22E129111DE054C35A7529F5900C1
                                                                                                                                                                                                    SHA-256:451B226DE8EC86D27C1F6D8DDE66F3FC46923592E0501D1B885FF8F2639F7374
                                                                                                                                                                                                    SHA-512:332DF2B16B097648F0071142730C49CA2FFE9932CC8F37A5EB3485500E12D71C3BFE2D495AC4FBB3A7D757057173AC2A917EEB2D399694790A31774B4DFC2D2B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:2024/03/10-17:31:19.769 c9c Reusing MANIFEST C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Local Storage\leveldb/MANIFEST-000001.2024/03/10-17:31:19.933 c9c Recovering log #3.2024/03/10-17:31:19.960 c9c Reusing old log C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Local Storage\leveldb/000003.log .

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Local Storage\leveldb\LOG.old (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):357
                                                                                                                                                                                                    Entropy (8bit):5.287634947429567
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:Fr5TzL+q2PwknaZ5KrWLYQV+d1a2jMGIFUt88r3Wf1Zmw+8r3Z891LVkwOwknaZO:Z9n+vYrHUd1EFUt8e3Wf1/+e36V5JrHw
                                                                                                                                                                                                    MD5:3EF5D4BE00CF87A3C72EC40F037243EF
                                                                                                                                                                                                    SHA1:5D038B3104E22E129111DE054C35A7529F5900C1
                                                                                                                                                                                                    SHA-256:451B226DE8EC86D27C1F6D8DDE66F3FC46923592E0501D1B885FF8F2639F7374
                                                                                                                                                                                                    SHA-512:332DF2B16B097648F0071142730C49CA2FFE9932CC8F37A5EB3485500E12D71C3BFE2D495AC4FBB3A7D757057173AC2A917EEB2D399694790A31774B4DFC2D2B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:2024/03/10-17:31:19.769 c9c Reusing MANIFEST C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Local Storage\leveldb/MANIFEST-000001.2024/03/10-17:31:19.933 c9c Recovering log #3.2024/03/10-17:31:19.960 c9c Reusing old log C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Local Storage\leveldb/000003.log .

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Local Storage\leveldb\MANIFEST-000001

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Login Data

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 21, cookie 0xc, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):43008
                                                                                                                                                                                                    Entropy (8bit):0.9009435143901008
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:C2BeymwLCn8MouB6wzFlXqiEqUvJKLuyn:C2TLG7IwRFqidn
                                                                                                                                                                                                    MD5:FB3D677576C25FF04A308A1F627410B7
                                                                                                                                                                                                    SHA1:97D530911F9CB0C37717ABB145D748982ADA0440
                                                                                                                                                                                                    SHA-256:A79300470D18AF26E3C5B4F23F81915B92D490105CE84A8122BF8100EC0C7517
                                                                                                                                                                                                    SHA-512:ED6666B064958B107E55BD76E52D2E5BF7A4791379902D208EF909A6B68803240D372CE03641249EB917C241B36A5684656A48D099A8A084AD34BA009857B098
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network Action Predictor

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):45056
                                                                                                                                                                                                    Entropy (8bit):0.40293591932113104
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:TLVgTjDk5Yk8k+/kCkzD3zzbLGfIzLihje90xq/WMFFfeFzfXVVlYWOT/CUFSe:Tmo9n+8dv/qALihje9kqL42WOT/9F
                                                                                                                                                                                                    MD5:ADC0CFB8A1A20DE2C4AB738B413CBEA4
                                                                                                                                                                                                    SHA1:238EF489E5FDC6EBB36F09D415FB353350E7097B
                                                                                                                                                                                                    SHA-256:7C071E36A64FB1881258712C9880F155D9CBAC693BADCC391A1CB110C257CC37
                                                                                                                                                                                                    SHA-512:38C8B7293B8F7BEF03299BAFB981EEEE309945B1BDE26ACDAD6FDD63247C21CA04D493A1DDAFC3B9A1904EFED998E9C7C0C8E98506FD4AC0AB252DFF34566B66
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j.......=......\.t.+.>...,...=........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\14b4a460-ab6b-4f3e-a492-f459b57072eb.tmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):188
                                                                                                                                                                                                    Entropy (8bit):5.420232887450327
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:YWRAWNj+gvJcDOofPwXq6FrUwBvT1Y9B8HQXwlm9yJUA6XcIR6RX77XMq/ddoKqw:YWyWNauJW/PeqyrUwBKB8wXwlmUUAnIi
                                                                                                                                                                                                    MD5:62E4052B9873C96A804DDB358E832939
                                                                                                                                                                                                    SHA1:F307E7184D747CB71D237A7E03A40658E7683245
                                                                                                                                                                                                    SHA-256:2240E3FBEE10E710CBEDC9A6D8C6EA9EA11701D42883A0C5F717A7AB0D5BB8DA
                                                                                                                                                                                                    SHA-512:CA02695C7C909F5C93DB065FEC1F40F2766178B95D09D5DCCAFCEDAA002EC9B1CE7E5DF495DACC55847AC05B04C3C82BC98BD1CECB73689F711AFE23E88AF4A2
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"sts":[{"expiry":1741624301.927259,"host":"IN4MVOmjPvy672m6akZ9Q9TjfMfib7NqhGdJ6K/GKYU=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1710088301.927265}],"version":2}

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\2f393ddb-9a4c-4575-a85a-ba6b433b52a3.tmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:H:H
                                                                                                                                                                                                    MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                    SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                    SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                    SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:[]

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\383a706a-a2a7-45cf-9ec0-dce92bdf4f31.tmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):40
                                                                                                                                                                                                    Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                    MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                    SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                    SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                    SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"SDCH":{"dictionaries":{},"version":2}}

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\43706181-22d2-404d-a056-4e8c36410146.tmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:H:H
                                                                                                                                                                                                    MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                    SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                    SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                    SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:[]

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\44a37570-da09-47f3-b8b5-cb6920a321ca.tmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:H:H
                                                                                                                                                                                                    MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                    SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                    SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                    SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:[]

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\5c3bf6f2-d010-4e85-90be-0f48e7e0008c.tmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):40
                                                                                                                                                                                                    Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                    MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                    SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                    SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                    SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"SDCH":{"dictionaries":{},"version":2}}

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\7fbec224-668a-48af-8ebe-1751710b6830.tmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:H:H
                                                                                                                                                                                                    MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                    SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                    SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                    SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:[]

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\Cookies

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                                    Entropy (8bit):0.6732424250451717
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                                                                                                                                                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                                                                                                                                                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                                                                                                                                                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                                                                                                                                                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\Network Persistent State (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):111
                                                                                                                                                                                                    Entropy (8bit):4.718418993774295
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                                                                                                                                                                                                    MD5:285252A2F6327D41EAB203DC2F402C67
                                                                                                                                                                                                    SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                                                                                                                                                                                                    SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                                                                                                                                                                                                    SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\Network Persistent State~RF61c5d8.TMP (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):111
                                                                                                                                                                                                    Entropy (8bit):4.718418993774295
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                                                                                                                                                                                                    MD5:285252A2F6327D41EAB203DC2F402C67
                                                                                                                                                                                                    SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                                                                                                                                                                                                    SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                                                                                                                                                                                                    SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\Reporting and NEL

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                    Size (bytes):36864
                                                                                                                                                                                                    Entropy (8bit):1.121758664397137
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:TKIopKWurJNVr1GJmA8pv82pfurJNVrdHXuccaurJN2VrJ1n4n1GmzNGU1cSBx5L:eIEumQv8m1ccnvS6x50Ph50Dwh5wxP
                                                                                                                                                                                                    MD5:A7D2921C8B730DE43F274B172CC2CD66
                                                                                                                                                                                                    SHA1:F87F9F171201B23717498156580F2662ADA02075
                                                                                                                                                                                                    SHA-256:ABD8F8C8D70465ECDFB64C1913631251D6E712215DBACAEFDBF3EA232332490B
                                                                                                                                                                                                    SHA-512:2695819D79F1EC1BAC0E4BD3CE7194122FFE2A4ED9BB4525D27F179C321B69FF02AC4D113F7D22526550729C813C34D3FC3E6E35A3BD0567597008EAFBA54371
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\SCT Auditing Pending Reports (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:H:H
                                                                                                                                                                                                    MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                    SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                    SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                    SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:[]

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\SCT Auditing Pending Reports~RF615b66.TMP (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:H:H
                                                                                                                                                                                                    MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                    SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                    SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                    SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:[]

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\SCT Auditing Pending Reports~RF6194a6.TMP (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:H:H
                                                                                                                                                                                                    MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                    SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                    SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                    SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:[]

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\SCT Auditing Pending Reports~RF619533.TMP (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2
                                                                                                                                                                                                    Entropy (8bit):1.0
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:H:H
                                                                                                                                                                                                    MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                    SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                    SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                    SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:[]

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\Sdch Dictionaries (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):40
                                                                                                                                                                                                    Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                    MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                    SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                    SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                    SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"SDCH":{"dictionaries":{},"version":2}}

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\Sdch Dictionaries~RF61bd3d.TMP (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):40
                                                                                                                                                                                                    Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                    MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                    SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                    SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                    SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"SDCH":{"dictionaries":{},"version":2}}

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\TransportSecurity (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):188
                                                                                                                                                                                                    Entropy (8bit):5.435640318047346
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:YWRAWNj+0LWUkbsofPwXq6FrUwBvT1Y9B8HQXwlm9yJUA6XcIR6RX77XMq/ddNQG:YWyWNa0LWU41PeqyrUwBKB8wXwlmUUAb
                                                                                                                                                                                                    MD5:9E08E249AA3FCAE361A7C117C31F0647
                                                                                                                                                                                                    SHA1:034650082D2885072394C379437BCC38EFCC7F0A
                                                                                                                                                                                                    SHA-256:5F8E566B7A06D89B931A420E8D5F7B54CE1FC40E059AB36552AE647039D9004A
                                                                                                                                                                                                    SHA-512:B180B52B454B1017F8E23E326635106BBE122AB4F30585668198783CD7332621D451B4889BFB0162A64CEA961F7034E1F974458C9BC3BA4113D35C928B74AB8A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"sts":[{"expiry":1741624285.315497,"host":"IN4MVOmjPvy672m6akZ9Q9TjfMfib7NqhGdJ6K/GKYU=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1710088285.315502}],"version":2}

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\TransportSecurity~RF61fc2a.TMP (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):188
                                                                                                                                                                                                    Entropy (8bit):5.435640318047346
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:YWRAWNj+0LWUkbsofPwXq6FrUwBvT1Y9B8HQXwlm9yJUA6XcIR6RX77XMq/ddNQG:YWyWNa0LWU41PeqyrUwBKB8wXwlmUUAb
                                                                                                                                                                                                    MD5:9E08E249AA3FCAE361A7C117C31F0647
                                                                                                                                                                                                    SHA1:034650082D2885072394C379437BCC38EFCC7F0A
                                                                                                                                                                                                    SHA-256:5F8E566B7A06D89B931A420E8D5F7B54CE1FC40E059AB36552AE647039D9004A
                                                                                                                                                                                                    SHA-512:B180B52B454B1017F8E23E326635106BBE122AB4F30585668198783CD7332621D451B4889BFB0162A64CEA961F7034E1F974458C9BC3BA4113D35C928B74AB8A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"sts":[{"expiry":1741624285.315497,"host":"IN4MVOmjPvy672m6akZ9Q9TjfMfib7NqhGdJ6K/GKYU=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1710088285.315502}],"version":2}

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\Trust Tokens

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 9, cookie 0x7, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):36864
                                                                                                                                                                                                    Entropy (8bit):0.3886039372934488
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:TLqEeWOT/kIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:T2EeWOT/nDtX5nDOvyKDhU1cSB
                                                                                                                                                                                                    MD5:DEA619BA33775B1BAEEC7B32110CB3BD
                                                                                                                                                                                                    SHA1:949B8246021D004B2E772742D34B2FC8863E1AAA
                                                                                                                                                                                                    SHA-256:3669D76771207A121594B439280A67E3A6B1CBAE8CE67A42C8312D33BA18854B
                                                                                                                                                                                                    SHA-512:7B9741E0339B30D73FACD4670A9898147BE62B8F063A59736AFDDC83D3F03B61349828F2AE88F682D42C177AE37E18349FD41654AEBA50DDF10CD6DC70FA5879
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j..........g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\bf738948-5db4-488f-bd4b-334c6ebdc6f7.tmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):188
                                                                                                                                                                                                    Entropy (8bit):5.435640318047346
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:YWRAWNj+0LWUkbsofPwXq6FrUwBvT1Y9B8HQXwlm9yJUA6XcIR6RX77XMq/ddNQG:YWyWNa0LWU41PeqyrUwBKB8wXwlmUUAb
                                                                                                                                                                                                    MD5:9E08E249AA3FCAE361A7C117C31F0647
                                                                                                                                                                                                    SHA1:034650082D2885072394C379437BCC38EFCC7F0A
                                                                                                                                                                                                    SHA-256:5F8E566B7A06D89B931A420E8D5F7B54CE1FC40E059AB36552AE647039D9004A
                                                                                                                                                                                                    SHA-512:B180B52B454B1017F8E23E326635106BBE122AB4F30585668198783CD7332621D451B4889BFB0162A64CEA961F7034E1F974458C9BC3BA4113D35C928B74AB8A
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"sts":[{"expiry":1741624285.315497,"host":"IN4MVOmjPvy672m6akZ9Q9TjfMfib7NqhGdJ6K/GKYU=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1710088285.315502}],"version":2}

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\c9ae3f99-4748-442f-8c2c-37ec1d322094.tmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):111
                                                                                                                                                                                                    Entropy (8bit):4.718418993774295
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                                                                                                                                                                                                    MD5:285252A2F6327D41EAB203DC2F402C67
                                                                                                                                                                                                    SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                                                                                                                                                                                                    SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                                                                                                                                                                                                    SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\e60cee3e-b0d1-4d09-ba6f-f662720786eb.tmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):111
                                                                                                                                                                                                    Entropy (8bit):4.718418993774295
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:YLb9N+eAXRfHDH2LS7PMVKJq0nMb1KKtiVY:YHpoeS7PMVKJTnMRK3VY
                                                                                                                                                                                                    MD5:285252A2F6327D41EAB203DC2F402C67
                                                                                                                                                                                                    SHA1:ACEDB7BA5FBC3CE914A8BF386A6F72CA7BAA33C6
                                                                                                                                                                                                    SHA-256:5DFC321417FC31359F23320EA68014EBFD793C5BBED55F77DAB4180BBD4A2026
                                                                                                                                                                                                    SHA-512:11CE7CB484FEE66894E63C31DB0D6B7EF66AD0327D4E7E2EB85F3BCC2E836A3A522C68D681E84542E471E54F765E091EFE1EE4065641B0299B15613EB32DCC0D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"net":{"http_server_properties":{"servers":[],"version":5},"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Preferences (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):5604
                                                                                                                                                                                                    Entropy (8bit):4.754422429722215
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:stK/vL21s13UCa8zodY5eh6Cb7/x+6MhmuecmAeF9eIMR7K:styvksyCak+Y8bV+FiA4edhK
                                                                                                                                                                                                    MD5:6AAFD5AF934E4EFA8582F8CA35D166F8
                                                                                                                                                                                                    SHA1:835835ED12C40D04B23BCF72734E88766AE8A955
                                                                                                                                                                                                    SHA-256:11ED3989B8EF8E510CFEAC18F35CEC627B5F239EDC4E4C17F82FC20A31C0D57C
                                                                                                                                                                                                    SHA-512:310E043B27338FDB023038466A5890033550593AA81DAA9642EE402ECBE3EDFC72B71646FBEA1FB0C7A893FB40934B730B26317BB418291CDA1B908ED6224F9D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13354561864756333","alternate_error_pages":{"backup":true,"enabled":false},"autofill":{"autostuff_enabled":false,"credit_card_enabled":false,"custom_data_enabled":false,"custom_data_fill_enabled":false,"custom_data_identify_info_from_form_enabled":false,"custom_data_save_enabled":false},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"browser_content_container_height":984,"browser_content_container_width":1066,"browser_content_container_x":0,"browser_content_container_y":0,"countryid_at_install":17224,"credentials_enable_service":false,"dips_timer_last_update":"13354561864577512","domain_diversity":{"last_reporting_timestamp":"13354561863857231"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":{},"shared_cookie_data":{},"sitelist_data_2":{},"sit

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Preferences~RF61b6b5.TMP (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):5604
                                                                                                                                                                                                    Entropy (8bit):4.754422429722215
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:stK/vL21s13UCa8zodY5eh6Cb7/x+6MhmuecmAeF9eIMR7K:styvksyCak+Y8bV+FiA4edhK
                                                                                                                                                                                                    MD5:6AAFD5AF934E4EFA8582F8CA35D166F8
                                                                                                                                                                                                    SHA1:835835ED12C40D04B23BCF72734E88766AE8A955
                                                                                                                                                                                                    SHA-256:11ED3989B8EF8E510CFEAC18F35CEC627B5F239EDC4E4C17F82FC20A31C0D57C
                                                                                                                                                                                                    SHA-512:310E043B27338FDB023038466A5890033550593AA81DAA9642EE402ECBE3EDFC72B71646FBEA1FB0C7A893FB40934B730B26317BB418291CDA1B908ED6224F9D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13354561864756333","alternate_error_pages":{"backup":true,"enabled":false},"autofill":{"autostuff_enabled":false,"credit_card_enabled":false,"custom_data_enabled":false,"custom_data_fill_enabled":false,"custom_data_identify_info_from_form_enabled":false,"custom_data_save_enabled":false},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"browser_content_container_height":984,"browser_content_container_width":1066,"browser_content_container_x":0,"browser_content_container_y":0,"countryid_at_install":17224,"credentials_enable_service":false,"dips_timer_last_update":"13354561864577512","domain_diversity":{"last_reporting_timestamp":"13354561863857231"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":{},"shared_cookie_data":{},"sitelist_data_2":{},"sit

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Preferences~RF622fae.TMP (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):5604
                                                                                                                                                                                                    Entropy (8bit):4.754422429722215
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:stK/vL21s13UCa8zodY5eh6Cb7/x+6MhmuecmAeF9eIMR7K:styvksyCak+Y8bV+FiA4edhK
                                                                                                                                                                                                    MD5:6AAFD5AF934E4EFA8582F8CA35D166F8
                                                                                                                                                                                                    SHA1:835835ED12C40D04B23BCF72734E88766AE8A955
                                                                                                                                                                                                    SHA-256:11ED3989B8EF8E510CFEAC18F35CEC627B5F239EDC4E4C17F82FC20A31C0D57C
                                                                                                                                                                                                    SHA-512:310E043B27338FDB023038466A5890033550593AA81DAA9642EE402ECBE3EDFC72B71646FBEA1FB0C7A893FB40934B730B26317BB418291CDA1B908ED6224F9D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13354561864756333","alternate_error_pages":{"backup":true,"enabled":false},"autofill":{"autostuff_enabled":false,"credit_card_enabled":false,"custom_data_enabled":false,"custom_data_fill_enabled":false,"custom_data_identify_info_from_form_enabled":false,"custom_data_save_enabled":false},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"browser_content_container_height":984,"browser_content_container_width":1066,"browser_content_container_x":0,"browser_content_container_y":0,"countryid_at_install":17224,"credentials_enable_service":false,"dips_timer_last_update":"13354561864577512","domain_diversity":{"last_reporting_timestamp":"13354561863857231"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":{},"shared_cookie_data":{},"sitelist_data_2":{},"sit

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\PreferredApps

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):33
                                                                                                                                                                                                    Entropy (8bit):4.051821770808046
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:YVXADAEvTLSJ:Y9AcEvHSJ
                                                                                                                                                                                                    MD5:2B432FEF211C69C745ACA86DE4F8E4AB
                                                                                                                                                                                                    SHA1:4B92DA8D4C0188CF2409500ADCD2200444A82FCC
                                                                                                                                                                                                    SHA-256:42B55D126D1E640B1ED7A6BDCB9A46C81DF461FA7E131F4F8C7108C2C61C14DE
                                                                                                                                                                                                    SHA-512:948502DE4DC89A7E9D2E1660451FCD0F44FD3816072924A44F145D821D0363233CC92A377DBA3A0A9F849E3C17B1893070025C369C8120083A622D025FE1EACF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"preferred_apps":[],"version":1}

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\README

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):182
                                                                                                                                                                                                    Entropy (8bit):4.2629097520179995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:RGXKRjg0QwVIWRKXECSAV6jDyhjgHGAW+LB2Z4MKLFE1SwhiFAfXQmWyKBPMwRgK:z3frsUpAQQgHGwB26MK8Sw06fXQmWtRT
                                                                                                                                                                                                    MD5:643E00B0186AA80523F8A6BED550A925
                                                                                                                                                                                                    SHA1:EC4056125D6F1A8890FFE01BFFC973C2F6ABD115
                                                                                                                                                                                                    SHA-256:A0C9ABAE18599F0A65FC654AD36251F6330794BEA66B718A09D8B297F3E38E87
                                                                                                                                                                                                    SHA-512:D91A934EAF7D9D669B8AD4452234DE6B23D15237CB4D251F2C78C8339CEE7B4F9BA6B8597E35FE8C81B3D6F64AE707C68FF492903C0EDC3E4BAF2C6B747E247D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:Microsoft Edge settings and storage represent user-selected preferences and information and MUST not be extracted, overwritten or modified except through Microsoft Edge defined APIs.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Secure Preferences (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):6780
                                                                                                                                                                                                    Entropy (8bit):5.579760184607159
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:vkiAPlf/ROoBpkF5d1OiD7VaTEv9V5h5pg5vezodIU8PmSpsA5IOrMn3YPo0MG6q:NkrKF9l5PmSpFIOAn3go0iuN
                                                                                                                                                                                                    MD5:14B5DCE22494648DD6683EEDD5E5A1C5
                                                                                                                                                                                                    SHA1:FE7926A2E4AE31A534FAA75AADC9DF7D73B3B000
                                                                                                                                                                                                    SHA-256:9F76ED2DE31BAC2BF600F450DA85554D446DD316154E15619F94B32A2E9437DD
                                                                                                                                                                                                    SHA-512:90592B3C8C8E8F47C5EC204F60D379DB0D248F383A39A3F37344653FF47CB8FFAB5F790C2221B6F0D71BA4F86B2D241373AEDBDAF6470536ACD77571CF3AC538
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"extensions":{"settings":{"dgiklkfkllikcanfonkcabmbdfmgleag":{"active_permissions":{"api":[],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13354561863316208","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13354561863316208","location":5,"manifest":{"content_capabilities":{"include_globs":["https://*excel.officeapps.live.com/*","https://*onenote.officeapps.live.com/*","https://*powerpoint.officeapps.live.com/*","https://*word-edit.officeapps.live.com/*","https://*excel.officeapps.live.com.mcas.ms/*","https://*onenote.officeapps.live.com.mcas.ms/*","https://*word-edit.officeapps.live.com.mcas.ms/*","https://*excel.partner.officewebapps.cn/*","https://*onenote.partner.officewebapps.cn/*","https://*powerpoint.partner.officewebapps.cn/*","https://*word-edit.partner.officewebapps.cn/*","https://*excel.gov.online.office365.us/*","

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\4061fcf7-5349-4f87-9296-9386dcb837bf\index

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):24
                                                                                                                                                                                                    Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:m+l:m
                                                                                                                                                                                                    MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                    SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                    SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                    SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:0\r..m..................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\4061fcf7-5349-4f87-9296-9386dcb837bf\index-dir\temp-index

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):48
                                                                                                                                                                                                    Entropy (8bit):2.9972243200613975
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:RoC0EC7XKln:7gXKln
                                                                                                                                                                                                    MD5:D1C2708A9A8D1E928BB2FFFE8ABEA281
                                                                                                                                                                                                    SHA1:CF31E50B6151D2A405E5CBAB5E16444F4ED953EE
                                                                                                                                                                                                    SHA-256:74D538F2DB622A5325F98BBFD873B9762A37CD2B5715C419B7D6600EB94F11A1
                                                                                                                                                                                                    SHA-512:CF9A9071331FD3ABC9E9CF4FB96FAB8F64F0224C9F4007168C303FF75F4FFE9B97187850F304CF95BD15836C79DA5A18153B323959C08206C28DA61BD8985ED0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:(.......oy retne..........................E>.q/.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\4061fcf7-5349-4f87-9296-9386dcb837bf\index-dir\the-real-index (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):48
                                                                                                                                                                                                    Entropy (8bit):2.9972243200613975
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:RoC0EC7XKln:7gXKln
                                                                                                                                                                                                    MD5:D1C2708A9A8D1E928BB2FFFE8ABEA281
                                                                                                                                                                                                    SHA1:CF31E50B6151D2A405E5CBAB5E16444F4ED953EE
                                                                                                                                                                                                    SHA-256:74D538F2DB622A5325F98BBFD873B9762A37CD2B5715C419B7D6600EB94F11A1
                                                                                                                                                                                                    SHA-512:CF9A9071331FD3ABC9E9CF4FB96FAB8F64F0224C9F4007168C303FF75F4FFE9B97187850F304CF95BD15836C79DA5A18153B323959C08206C28DA61BD8985ED0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:(.......oy retne..........................E>.q/.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\4b935e02-f04e-4dd8-9236-bcac997cd382\index

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):24
                                                                                                                                                                                                    Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:m+l:m
                                                                                                                                                                                                    MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                    SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                    SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                    SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:0\r..m..................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\4b935e02-f04e-4dd8-9236-bcac997cd382\index-dir\temp-index

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):48
                                                                                                                                                                                                    Entropy (8bit):2.9555576533947305
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:sZIAR0EPTn:syA9PTn
                                                                                                                                                                                                    MD5:9031118A3711AD9F5C4039735BB26E1C
                                                                                                                                                                                                    SHA1:21420EB4217B8F9276E692E36EAB465E938980D9
                                                                                                                                                                                                    SHA-256:23342A92402D371B6AFD11D2014F9BC85F5589DB64A6F5476F4BD288BE24C9CB
                                                                                                                                                                                                    SHA-512:1F592504F6FE80EB5781D5AB67647EAB7E1B50470E202C689B309D4F97854165BB02484F91DD133C5A05F1846F4EC1F9406053741B2459E6160946AEB92D2056
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:(...qf..oy retne.........................VE>.q/.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\4b935e02-f04e-4dd8-9236-bcac997cd382\index-dir\the-real-index (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):48
                                                                                                                                                                                                    Entropy (8bit):2.9555576533947305
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:sZIAR0EPTn:syA9PTn
                                                                                                                                                                                                    MD5:9031118A3711AD9F5C4039735BB26E1C
                                                                                                                                                                                                    SHA1:21420EB4217B8F9276E692E36EAB465E938980D9
                                                                                                                                                                                                    SHA-256:23342A92402D371B6AFD11D2014F9BC85F5589DB64A6F5476F4BD288BE24C9CB
                                                                                                                                                                                                    SHA-512:1F592504F6FE80EB5781D5AB67647EAB7E1B50470E202C689B309D4F97854165BB02484F91DD133C5A05F1846F4EC1F9406053741B2459E6160946AEB92D2056
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:(...qf..oy retne.........................VE>.q/.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\5f6b05dd-385e-4ad0-aad3-402004d8fb4f\index

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):24
                                                                                                                                                                                                    Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:m+l:m
                                                                                                                                                                                                    MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                    SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                    SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                    SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:0\r..m..................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\5f6b05dd-385e-4ad0-aad3-402004d8fb4f\index-dir\temp-index

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):48
                                                                                                                                                                                                    Entropy (8bit):2.955557653394731
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:iGQaEO8gbu:iv16u
                                                                                                                                                                                                    MD5:683EDCF20C8C96CFB938241E263E21BE
                                                                                                                                                                                                    SHA1:4A6068D563E3DC4FD7F4475BBD57A8DB26551AF1
                                                                                                                                                                                                    SHA-256:2886DFF75F7FB2AC9DFEFAE3DD73DC12CC1DEBEDD2F32C430D710AB14509AC8B
                                                                                                                                                                                                    SHA-512:3BC436ED87B9089C4E43A9E224C44CD98230F2531A8E9665E6E58F64019D0DF5AB06356E31A2175EC31E443C0F35511094D716B430CF6AF05BA90D7D860C74BF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:(....c..oy retne..........................E>.q/.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\5f6b05dd-385e-4ad0-aad3-402004d8fb4f\index-dir\the-real-index (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):48
                                                                                                                                                                                                    Entropy (8bit):2.955557653394731
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:iGQaEO8gbu:iv16u
                                                                                                                                                                                                    MD5:683EDCF20C8C96CFB938241E263E21BE
                                                                                                                                                                                                    SHA1:4A6068D563E3DC4FD7F4475BBD57A8DB26551AF1
                                                                                                                                                                                                    SHA-256:2886DFF75F7FB2AC9DFEFAE3DD73DC12CC1DEBEDD2F32C430D710AB14509AC8B
                                                                                                                                                                                                    SHA-512:3BC436ED87B9089C4E43A9E224C44CD98230F2531A8E9665E6E58F64019D0DF5AB06356E31A2175EC31E443C0F35511094D716B430CF6AF05BA90D7D860C74BF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:(....c..oy retne..........................E>.q/.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\6bdb3c4a-b6a8-40fb-9298-5957f7e38840\index

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):24
                                                                                                                                                                                                    Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:m+l:m
                                                                                                                                                                                                    MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                    SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                    SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                    SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:0\r..m..................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\6bdb3c4a-b6a8-40fb-9298-5957f7e38840\index-dir\temp-index

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):48
                                                                                                                                                                                                    Entropy (8bit):2.9972243200613975
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:9BmR0E613n:q9e3n
                                                                                                                                                                                                    MD5:CBF01CCB6913C0CE7179EBF658C80C48
                                                                                                                                                                                                    SHA1:0BC750311869704A7CB6C8F56DF89E3C5155DF85
                                                                                                                                                                                                    SHA-256:34550BBDF98D8E7C663FB6895B47B7E4F9520A7EAB636C3FBDDB7361C264EA80
                                                                                                                                                                                                    SHA-512:B42B41A2171B5A872EDAA454673E21DBC1C40769A0A1B3EEA4C96B011157B849A92DBE01C6E5618FD4E4666F64825EF9171D10564074BC36DE9137816716F9CD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:(.......oy retne..........................E>.q/.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\6bdb3c4a-b6a8-40fb-9298-5957f7e38840\index-dir\the-real-index (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):48
                                                                                                                                                                                                    Entropy (8bit):2.9972243200613975
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:9BmR0E613n:q9e3n
                                                                                                                                                                                                    MD5:CBF01CCB6913C0CE7179EBF658C80C48
                                                                                                                                                                                                    SHA1:0BC750311869704A7CB6C8F56DF89E3C5155DF85
                                                                                                                                                                                                    SHA-256:34550BBDF98D8E7C663FB6895B47B7E4F9520A7EAB636C3FBDDB7361C264EA80
                                                                                                                                                                                                    SHA-512:B42B41A2171B5A872EDAA454673E21DBC1C40769A0A1B3EEA4C96B011157B849A92DBE01C6E5618FD4E4666F64825EF9171D10564074BC36DE9137816716F9CD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:(.......oy retne..........................E>.q/.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\d4ff028a-0af2-4a75-b7c4-c2e63a63f198\2a2b7cbbc61290b4_0

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):315
                                                                                                                                                                                                    Entropy (8bit):5.947207578017212
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:mFOY7QuuJx7Q99SCt4b32H7zdUdw2MG7l0pFDU9LATj:wOY7QLQ99FmbuzSdw2bl0pYL
                                                                                                                                                                                                    MD5:03C9552568747B57B7C86D6AB33F29A4
                                                                                                                                                                                                    SHA1:AEAF8DBFEF530F2C47D440F49EA227C2C3E27234
                                                                                                                                                                                                    SHA-256:DEDA0FE9F40A1CC1345A3ABE794E2838C9DFA217D02DCB3CFD60E405BE7D5A93
                                                                                                                                                                                                    SHA-512:E47146222CE0A9BB8E03AC5BF813F7A15042AB8A848B979FED022F5F29497EA42856AF0426E122746329435B0373C50DF01B1782A6A94A5379A7D1BC7E22ACA3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:0\r..m......c....W......https://_user_prefs_key_store_.whatsapp.com/wa_web_user_prefs_cache_store_WAWebColumnPackingEnabledfalse.A..Eo......0h.+............GET.Y......." ..content-type..application/json0.......P.Z.unknown`.j.application/jsonx.............<.....,....y...>.,...H....?4.A..Eo......-...k.......

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\d4ff028a-0af2-4a75-b7c4-c2e63a63f198\6ea66fa5b36b4157_0

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):380
                                                                                                                                                                                                    Entropy (8bit):6.225098454780609
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:mWY7QuuJx7Q99vVUGaUNj6XG0tYb32H7hvzw2MG7lOOoCY4lz:FY7QLQ99tUJUNeXG0+bu5zw2bloCY45
                                                                                                                                                                                                    MD5:B2C7AB87FA305975F3222B585CE09729
                                                                                                                                                                                                    SHA1:849C8DD68B8E827AD49F4DD1635CBAA181269F52
                                                                                                                                                                                                    SHA-256:E785B2D5E212D39314ACD5AF00DFBFA0C9EF3C8131B3E0BEB7530B82509B2F73
                                                                                                                                                                                                    SHA-512:652AFD4851EE1434E0B0AAE7D6E9BD49A910988FEED89BEEBDDE784896EBD892AD450C5740FF6EEC2A5C4A592C717A188CCFF08462BD28C418E593E3A9E26920
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:0\r..m......W....;.i....https://_user_prefs_key_store_.whatsapp.com/wa_web_user_prefs_cache_store_WANoiseInfoIv["xVMbiSysLyfHDqafBUaHXw==","E1b19OJqDKE6ZkWQ29m9/g==","HavMdPnPckJMua2ktJ9Mgw=="].A..Eo......Se..R...........GET.Y......." ..content-type..application/json0.......P.Z.unknown`.j.application/jsonx...............-J...g .xZ..^....9..m.....CQP...A..Eo.......0Z4k.......

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\d4ff028a-0af2-4a75-b7c4-c2e63a63f198\92172a9e586cee2a_0

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):474
                                                                                                                                                                                                    Entropy (8bit):6.419930136966394
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:oY7QLQ99/mfhHaqTuSASvU/Dbuf5sw2blPB:oQAw/QaIvU/Gfiw2blPB
                                                                                                                                                                                                    MD5:C5B1141A672509AF6EB1D1EABC78054E
                                                                                                                                                                                                    SHA1:E2D514DA686E96042925E5290355180E8D34174B
                                                                                                                                                                                                    SHA-256:7D11C39D03F5B7AC1676C01DC80EBAA986460F6028DADC0FB65E7AB92C6BB133
                                                                                                                                                                                                    SHA-512:849BF12718BF3489CB9FD4ACE76E88BD132B05088181E1740CE84FF3845C70C439ABA13DBBCD73DA15B33909C3BC1CB346AC8611E7A47D9DB18851A9A46B5EFF
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:0\r..m......Y......R....https://_user_prefs_key_store_.whatsapp.com/wa_web_user_prefs_cache_store_WAWebEncKeySalt"G0L8qmIZCmSi+jfHNISAcz8glal/meH4AYvtsliJM6FT1kRNqwMGq9O4VUm0X1xIDjSxQDDERVZpvuuNOEolklrN6TB20cT3Xa3vF59zvvLylMlAeXDoiFmuXXRFf0mO6Qh59qIH+Ag6RJ5dxFqVYV2TBtwwSrP1m1juGjhtM2E=".A..Eo......f...............GET.Y......." ..content-type..application/json0......P.Z.unknown`.j.application/jsonx..............3.N..ef.....>.C..T.1....gh.. .A..Eo......~~.^k.......

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\d4ff028a-0af2-4a75-b7c4-c2e63a63f198\e6039a61e4d2a504_0

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):513
                                                                                                                                                                                                    Entropy (8bit):6.347293925512858
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:/Y7QLQ99vdHn3bHWvdI4SRvIbrrPJlcDbunFw2blNn:/QAwvdHYvPPPnFw2blNn
                                                                                                                                                                                                    MD5:DE9B6F60A99F7CA4AF69C67B61D9AD36
                                                                                                                                                                                                    SHA1:BF00767D4F54A0562D6B6510F62130906357DDFE
                                                                                                                                                                                                    SHA-256:81F6E8F27476897074504EEFEE684B062C6BA1BC770BF00E529D52059B3E2C70
                                                                                                                                                                                                    SHA-512:27692ED868CB717D12E5BCACD26BD8581B05E5A40F062CF7B185AC69ABF63B8043DC9EA1D7A1C04BB4844E3B75CBC7D77D6389622BB1143ADFDDBDD9BEB7EF7B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:0\r..m......U...Z.......https://_user_prefs_key_store_.whatsapp.com/wa_web_user_prefs_cache_store_WANoiseInfo{"privKey":"TiRXUVz8CeRNA5gGpmURmMlgMrJhYcsxFhNaGbUwdHdod/KslmxX2KSBGT4xT440","pubKey":"wAdJZ3ff8OnvIkFw8zlyLp6lvJkPkm+ago+7sqFMxcQynmLodExooiNPDP22O87L","recoveryToken":"R9A5G4+wqmVArnv6T/Q5LkmySfj+J2coZBVbnve3now="}.A..Eo......%.,.............GET.Y......." ..content-type..application/json0......P.Z.unknown`.j.application/jsonx.................!I...o....#ln.z.f..6&.xA...NH.A..Eo.......Q.3k.......

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\d4ff028a-0af2-4a75-b7c4-c2e63a63f198\index

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):24
                                                                                                                                                                                                    Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:m+l:m
                                                                                                                                                                                                    MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                    SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                    SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                    SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:0\r..m..................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\d4ff028a-0af2-4a75-b7c4-c2e63a63f198\index-dir\temp-index

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):144
                                                                                                                                                                                                    Entropy (8bit):3.4052112822229397
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:blFNT4l/llBl0sv6SXl//NxX/YlXBp:hsflXjx6p
                                                                                                                                                                                                    MD5:D1D766B25251B3CF31E999254F5A2DD5
                                                                                                                                                                                                    SHA1:ECAC3E8B893E03FA50B52BD2F4A83906731AF937
                                                                                                                                                                                                    SHA-256:4730CFB611D204772095612032B35CB70176C86E8DB212984CACE2C526E13A68
                                                                                                                                                                                                    SHA-512:17112DCC9CB5B1BC36EC3511C0103E1C09F8786B95B8D0A8CE5CAC4B078F73C328055D42334E2FE2FB1B522CBFE180B0C5D80E3D9437BD9B0055489A4D141108
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.....@..oy retne............................a......................|+*................WAk..o.n................*.lX.*...................".>.q/.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\d4ff028a-0af2-4a75-b7c4-c2e63a63f198\index-dir\the-real-index (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):144
                                                                                                                                                                                                    Entropy (8bit):3.4052112822229397
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:blFNT4l/llBl0sv6SXl//NxX/YlXBp:hsflXjx6p
                                                                                                                                                                                                    MD5:D1D766B25251B3CF31E999254F5A2DD5
                                                                                                                                                                                                    SHA1:ECAC3E8B893E03FA50B52BD2F4A83906731AF937
                                                                                                                                                                                                    SHA-256:4730CFB611D204772095612032B35CB70176C86E8DB212984CACE2C526E13A68
                                                                                                                                                                                                    SHA-512:17112DCC9CB5B1BC36EC3511C0103E1C09F8786B95B8D0A8CE5CAC4B078F73C328055D42334E2FE2FB1B522CBFE180B0C5D80E3D9437BD9B0055489A4D141108
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.....@..oy retne............................a......................|+*................WAk..o.n................*.lX.*...................".>.q/.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\d4ff028a-0af2-4a75-b7c4-c2e63a63f198\index-dir\the-real-index~RF624c00.TMP (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):144
                                                                                                                                                                                                    Entropy (8bit):3.4052112822229397
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:blFNT4l/llBl0sv6SXl//NxX/YlXBp:hsflXjx6p
                                                                                                                                                                                                    MD5:D1D766B25251B3CF31E999254F5A2DD5
                                                                                                                                                                                                    SHA1:ECAC3E8B893E03FA50B52BD2F4A83906731AF937
                                                                                                                                                                                                    SHA-256:4730CFB611D204772095612032B35CB70176C86E8DB212984CACE2C526E13A68
                                                                                                                                                                                                    SHA-512:17112DCC9CB5B1BC36EC3511C0103E1C09F8786B95B8D0A8CE5CAC4B078F73C328055D42334E2FE2FB1B522CBFE180B0C5D80E3D9437BD9B0055489A4D141108
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.....@..oy retne............................a......................|+*................WAk..o.n................*.lX.*...................".>.q/.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\index.txt (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):363
                                                                                                                                                                                                    Entropy (8bit):5.161003292480767
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:YZTWssoitwWnKQRIRtBfQNjVp+S0JhyEbOxMBf67Q99S1zfEp4YRiC4YRigk:YZysbi6WnKQurBYNX+S0TyaR9iQ99S9X
                                                                                                                                                                                                    MD5:E204D2447EEF82266E818A9314BC0EF5
                                                                                                                                                                                                    SHA1:7B0480A05B51841DB2D2948AE9CC777EA297AC66
                                                                                                                                                                                                    SHA-256:D3E0741A922662953FFB3ABA27D4FC47EAE032D0D4F5831A8EFAF5DCB1FBC23E
                                                                                                                                                                                                    SHA-512:49F0E5FA45AEA4E214DAA7FCBDF87520C4056D5CDC7AA1735630EFF131367FB001120576295CC4B7AA376470A64468A37C59CE5325262EC5AE0231EFF75813E1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.9..wa-stickers.$5f6b05dd-385e-4ad0-aad3-402004d8fb4f..(.0..3..wa-pp.$4b935e02-f04e-4dd8-9236-bcac997cd382..(.0..8..wa2.2410.1.$4061fcf7-5349-4f87-9296-9386dcb837bf..(.0..7..wa-assets.$6bdb3c4a-b6a8-40fb-9298-5957f7e38840..(.0..L..wa_web_user_prefs_cache_store.$d4ff028a-0af2-4a75-b7c4-c2e63a63f198...(.0...https://web.whatsapp.com/..https://web.whatsapp.com/ .(.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\index.txt.tmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                    Size (bytes):363
                                                                                                                                                                                                    Entropy (8bit):5.161003292480767
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:YZTWssoitwWnKQRIRtBfQNjVp+S0JhyEbOxMBf67Q99S1zfEp4YRiC4YRigk:YZysbi6WnKQurBYNX+S0TyaR9iQ99S9X
                                                                                                                                                                                                    MD5:E204D2447EEF82266E818A9314BC0EF5
                                                                                                                                                                                                    SHA1:7B0480A05B51841DB2D2948AE9CC777EA297AC66
                                                                                                                                                                                                    SHA-256:D3E0741A922662953FFB3ABA27D4FC47EAE032D0D4F5831A8EFAF5DCB1FBC23E
                                                                                                                                                                                                    SHA-512:49F0E5FA45AEA4E214DAA7FCBDF87520C4056D5CDC7AA1735630EFF131367FB001120576295CC4B7AA376470A64468A37C59CE5325262EC5AE0231EFF75813E1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.9..wa-stickers.$5f6b05dd-385e-4ad0-aad3-402004d8fb4f..(.0..3..wa-pp.$4b935e02-f04e-4dd8-9236-bcac997cd382..(.0..8..wa2.2410.1.$4061fcf7-5349-4f87-9296-9386dcb837bf..(.0..7..wa-assets.$6bdb3c4a-b6a8-40fb-9298-5957f7e38840..(.0..L..wa_web_user_prefs_cache_store.$d4ff028a-0af2-4a75-b7c4-c2e63a63f198...(.0...https://web.whatsapp.com/..https://web.whatsapp.com/ .(.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\index.txt~RF61ee21.TMP (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):363
                                                                                                                                                                                                    Entropy (8bit):5.161003292480767
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:YZTWssoitwWnKQRIRtBfQNjVp+S0JhyEbOxMBf67Q99S1zfEp4YRiC4YRigk:YZysbi6WnKQurBYNX+S0TyaR9iQ99S9X
                                                                                                                                                                                                    MD5:E204D2447EEF82266E818A9314BC0EF5
                                                                                                                                                                                                    SHA1:7B0480A05B51841DB2D2948AE9CC777EA297AC66
                                                                                                                                                                                                    SHA-256:D3E0741A922662953FFB3ABA27D4FC47EAE032D0D4F5831A8EFAF5DCB1FBC23E
                                                                                                                                                                                                    SHA-512:49F0E5FA45AEA4E214DAA7FCBDF87520C4056D5CDC7AA1735630EFF131367FB001120576295CC4B7AA376470A64468A37C59CE5325262EC5AE0231EFF75813E1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.9..wa-stickers.$5f6b05dd-385e-4ad0-aad3-402004d8fb4f..(.0..3..wa-pp.$4b935e02-f04e-4dd8-9236-bcac997cd382..(.0..8..wa2.2410.1.$4061fcf7-5349-4f87-9296-9386dcb837bf..(.0..7..wa-assets.$6bdb3c4a-b6a8-40fb-9298-5957f7e38840..(.0..L..wa_web_user_prefs_cache_store.$d4ff028a-0af2-4a75-b7c4-c2e63a63f198...(.0...https://web.whatsapp.com/..https://web.whatsapp.com/ .(.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\index.txt~RF61ee30.TMP (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):363
                                                                                                                                                                                                    Entropy (8bit):5.161003292480767
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:YZTWssoitwWnKQRIRtBfQNjVp+S0JhyEbOxMBf67Q99S1zfEp4YRiC4YRigk:YZysbi6WnKQurBYNX+S0TyaR9iQ99S9X
                                                                                                                                                                                                    MD5:E204D2447EEF82266E818A9314BC0EF5
                                                                                                                                                                                                    SHA1:7B0480A05B51841DB2D2948AE9CC777EA297AC66
                                                                                                                                                                                                    SHA-256:D3E0741A922662953FFB3ABA27D4FC47EAE032D0D4F5831A8EFAF5DCB1FBC23E
                                                                                                                                                                                                    SHA-512:49F0E5FA45AEA4E214DAA7FCBDF87520C4056D5CDC7AA1735630EFF131367FB001120576295CC4B7AA376470A64468A37C59CE5325262EC5AE0231EFF75813E1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.9..wa-stickers.$5f6b05dd-385e-4ad0-aad3-402004d8fb4f..(.0..3..wa-pp.$4b935e02-f04e-4dd8-9236-bcac997cd382..(.0..8..wa2.2410.1.$4061fcf7-5349-4f87-9296-9386dcb837bf..(.0..7..wa-assets.$6bdb3c4a-b6a8-40fb-9298-5957f7e38840..(.0..L..wa_web_user_prefs_cache_store.$d4ff028a-0af2-4a75-b7c4-c2e63a63f198...(.0...https://web.whatsapp.com/..https://web.whatsapp.com/ .(.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\index.txt~RF61ee40.TMP (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):363
                                                                                                                                                                                                    Entropy (8bit):5.161003292480767
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:YZTWssoitwWnKQRIRtBfQNjVp+S0JhyEbOxMBf67Q99S1zfEp4YRiC4YRigk:YZysbi6WnKQurBYNX+S0TyaR9iQ99S9X
                                                                                                                                                                                                    MD5:E204D2447EEF82266E818A9314BC0EF5
                                                                                                                                                                                                    SHA1:7B0480A05B51841DB2D2948AE9CC777EA297AC66
                                                                                                                                                                                                    SHA-256:D3E0741A922662953FFB3ABA27D4FC47EAE032D0D4F5831A8EFAF5DCB1FBC23E
                                                                                                                                                                                                    SHA-512:49F0E5FA45AEA4E214DAA7FCBDF87520C4056D5CDC7AA1735630EFF131367FB001120576295CC4B7AA376470A64468A37C59CE5325262EC5AE0231EFF75813E1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.9..wa-stickers.$5f6b05dd-385e-4ad0-aad3-402004d8fb4f..(.0..3..wa-pp.$4b935e02-f04e-4dd8-9236-bcac997cd382..(.0..8..wa2.2410.1.$4061fcf7-5349-4f87-9296-9386dcb837bf..(.0..7..wa-assets.$6bdb3c4a-b6a8-40fb-9298-5957f7e38840..(.0..L..wa_web_user_prefs_cache_store.$d4ff028a-0af2-4a75-b7c4-c2e63a63f198...(.0...https://web.whatsapp.com/..https://web.whatsapp.com/ .(.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\index.txt~RF61ef0b.TMP (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):363
                                                                                                                                                                                                    Entropy (8bit):5.161003292480767
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:YZTWssoitwWnKQRIRtBfQNjVp+S0JhyEbOxMBf67Q99S1zfEp4YRiC4YRigk:YZysbi6WnKQurBYNX+S0TyaR9iQ99S9X
                                                                                                                                                                                                    MD5:E204D2447EEF82266E818A9314BC0EF5
                                                                                                                                                                                                    SHA1:7B0480A05B51841DB2D2948AE9CC777EA297AC66
                                                                                                                                                                                                    SHA-256:D3E0741A922662953FFB3ABA27D4FC47EAE032D0D4F5831A8EFAF5DCB1FBC23E
                                                                                                                                                                                                    SHA-512:49F0E5FA45AEA4E214DAA7FCBDF87520C4056D5CDC7AA1735630EFF131367FB001120576295CC4B7AA376470A64468A37C59CE5325262EC5AE0231EFF75813E1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.9..wa-stickers.$5f6b05dd-385e-4ad0-aad3-402004d8fb4f..(.0..3..wa-pp.$4b935e02-f04e-4dd8-9236-bcac997cd382..(.0..8..wa2.2410.1.$4061fcf7-5349-4f87-9296-9386dcb837bf..(.0..7..wa-assets.$6bdb3c4a-b6a8-40fb-9298-5957f7e38840..(.0..L..wa_web_user_prefs_cache_store.$d4ff028a-0af2-4a75-b7c4-c2e63a63f198...(.0...https://web.whatsapp.com/..https://web.whatsapp.com/ .(.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\index.txt~RF624c10.TMP (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):363
                                                                                                                                                                                                    Entropy (8bit):5.161003292480767
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:YZTWssoitwWnKQRIRtBfQNjVp+S0JhyEbOxMBf67Q99S1zfEp4YRiC4YRigk:YZysbi6WnKQurBYNX+S0TyaR9iQ99S9X
                                                                                                                                                                                                    MD5:E204D2447EEF82266E818A9314BC0EF5
                                                                                                                                                                                                    SHA1:7B0480A05B51841DB2D2948AE9CC777EA297AC66
                                                                                                                                                                                                    SHA-256:D3E0741A922662953FFB3ABA27D4FC47EAE032D0D4F5831A8EFAF5DCB1FBC23E
                                                                                                                                                                                                    SHA-512:49F0E5FA45AEA4E214DAA7FCBDF87520C4056D5CDC7AA1735630EFF131367FB001120576295CC4B7AA376470A64468A37C59CE5325262EC5AE0231EFF75813E1
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.9..wa-stickers.$5f6b05dd-385e-4ad0-aad3-402004d8fb4f..(.0..3..wa-pp.$4b935e02-f04e-4dd8-9236-bcac997cd382..(.0..8..wa2.2410.1.$4061fcf7-5349-4f87-9296-9386dcb837bf..(.0..7..wa-assets.$6bdb3c4a-b6a8-40fb-9298-5957f7e38840..(.0..L..wa_web_user_prefs_cache_store.$d4ff028a-0af2-4a75-b7c4-c2e63a63f198...(.0...https://web.whatsapp.com/..https://web.whatsapp.com/ .(.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\Database\000001.dbtmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:MANIFEST-000001.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\Database\000003.log

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):957
                                                                                                                                                                                                    Entropy (8bit):6.078562717585031
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:F2xc5NmvcncmB/24uTbDdiZIaO7JXbGPZ9OW4uTbjfZIaO78:F2emQJ2zTbBiZIhXbU4WzTbjZIk
                                                                                                                                                                                                    MD5:8C5EBAE3216068F6299EB3B005515AF7
                                                                                                                                                                                                    SHA1:2E412053740B6A9B2AAB1465784BE3A951BA779C
                                                                                                                                                                                                    SHA-256:0966D83ACEE76E5FCD0CEBF55897F05CAD601C89D6B61FED04795918D8B41ED3
                                                                                                                                                                                                    SHA-512:28E7F90996774A9A6951877A3A863C623FEBD9DF6ED6718BFE5CE66FEE921D1C5D9255251224034A4885EF08012788C97AE4F02BE02CAE3FBE2E1B08651A6E15
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:....I................URES:0...INITDATA_NEXT_RESOURCE_ID.1..INITDATA_DB_VERSION.2...E................INITDATA_NEXT_REGISTRATION_ID.1..INITDATA_NEXT_VERSION_ID.1.0INITDATA_UNIQUE_ORIGIN:https://web.whatsapp.com/...REG:https://web.whatsapp.com/.0......https://web.whatsapp.com/.)https://web.whatsapp.com/serviceworker.js .(.0.8.......@....Z.b.....trueh.h.h..h..h..h..h..h..h..h..h..h..h..h..h..h..h..h..h..h..h..h..h..h..h..h..h..h..p.x...................coep_report.................REGID_TO_ORIGIN:0.https://web.whatsapp.com/..RES:0.0t...)https://web.whatsapp.com/serviceworker.js....."@A46A03CEDCC77EFEBCA03C3D14E4E5F5FD67FCCC91B94271C8321A67A81C8CDF..URES:0..PRES:0Ru...................REG:https://web.whatsapp.com/.0......https://web.whatsapp.com/.)https://web.whatsapp.com/serviceworker.js .(.0.8.......@....Z.b.....trueh.h.h..h..h..h..h..h..h..h..h..h..h..h..h..h..h..h..h..h..h..h..h..h..h..h..h..h..p.x...................coep_report...............

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\Database\CURRENT (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:MANIFEST-000001.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\Database\LOG

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):323
                                                                                                                                                                                                    Entropy (8bit):5.2187723641426
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:FpHFRq1wknaZ5KrWLYQV+df/a252KLlvpHgyq2PwknaZ5KrWLYQV+df/a2ZIFUv:xbrHUdnxLRvYrHUdnJ2FUv
                                                                                                                                                                                                    MD5:3422923FC16F7AB2C50410AE26A4C33F
                                                                                                                                                                                                    SHA1:E3649CD59E02FE8E010C4CAB2CB2151CA74C2AB1
                                                                                                                                                                                                    SHA-256:B9B33342E4787A0A73067E5283F8D4E769DF0B8CC7F5967FDFB80672C3F56A97
                                                                                                                                                                                                    SHA-512:9E86D18ABDCB0F5C857EFCCC17E76E6B151895FF8E1A0CA418E769769138382C6974C151D60C6154F1441F570D9B2ED20E1A30BFF5E54A9D84210EE4AA902EC6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:2024/03/10-17:31:36.062 1990 Creating DB C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\Database since it was missing..2024/03/10-17:31:36.129 1990 Reusing MANIFEST C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\Database/MANIFEST-000001.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\Database\MANIFEST-000001

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3449417
                                                                                                                                                                                                    Entropy (8bit):5.674569443051517
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:49152:R39IgYL0D6hSmvPZoOhimPp86D7b0tGPS3Bo1NjBfc33LcN6IdbcvodvPEneboJd:R39JYL0DolaD
                                                                                                                                                                                                    MD5:0C015DA9E3278625412AABC5B0440578
                                                                                                                                                                                                    SHA1:5CAAB49E70EB9ADA89C63A5515DD2234D35AA3CB
                                                                                                                                                                                                    SHA-256:852F9D79DCBBC39E8ABE6236381EE46906337F0EFF34ADF3120B6ECDE457F1DA
                                                                                                                                                                                                    SHA-512:4A34A84A344764F3DB1937BC476C75D244D99C9580D25C5536C7F69EF5B02C2760384458ED118E3F767953DBF5E46F6767A92E9BCA57D5E58D8FD4B446388CE7
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:0\r..m..........rSG.....0/*! Copyright (c) 2024 WhatsApp Inc. All Rights Reserved. */(()=>{var __webpack_modules__={14462:(e,t,n)=>{!function(e){"use strict";var t=function(e){var t,n=new Float64Array(16);if(e)for(t=0;t<e.length;t++)n[t]=e[t];return n},r=function(){throw new Error("no PRNG")},i=new Uint8Array(16),o=new Uint8Array(32);o[0]=9;var a=t(),s=t([1]),l=t([56129,1]),u=t([30883,4953,19914,30187,55467,16705,2637,112,59544,30585,16505,36039,65139,11119,27886,20995]),c=t([61785,9906,39828,60374,45398,33411,5274,224,53552,61171,33010,6542,64743,22239,55772,9222]),d=t([54554,36645,11616,51542,42930,38181,51040,26924,56412,64982,57905,49316,21502,52590,14035,8553]),p=t([26200,26214,26214,26214,26214,26214,26214,26214,26214,26214,26214,26214,26214,26214,26214,26214]),f=t([41136,18958,6951,50414,58488,44335,6150,12099,55207,15867,153,11085,57099,20417,9344,11139]);function _(e,t,n,r){e[t]=n>>24&255,e[t+1]=n>>16&255,e[t+2]=n>>8&255,e[t+3]=255&n,e[t+4]=r>>24&255,e[t+5]=r>>16&255,e[t+6]=r>

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_1

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):6548745
                                                                                                                                                                                                    Entropy (8bit):6.259026656383427
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:49152:M3iVJgFKR+lxT+TUsrShSkdMX1naGzUxmSPy6GZFC1kz8jKxSX4OskvnGEAjgcAv:MyFRtaGnPmrZ
                                                                                                                                                                                                    MD5:44F42405A0D4448F2F3E7797621DC7C3
                                                                                                                                                                                                    SHA1:A2CB5B90CD0E1E3C36C725DC8262CD24F30F097A
                                                                                                                                                                                                    SHA-256:1AB280AE8B018CB1D77B0C88F9FAA3EE79356F945D289E925F860DB286D8AEEE
                                                                                                                                                                                                    SHA-512:4AEFBB1202DAAA6B1360C4B49D1E9CC59C4169F643E58A8CCF2C317DA3AD787A5F0EF7104993D6154BC5B71F49F5111A490119EE545D586E0C53CB50981B17FD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:0\r..m..........rSG.....0....X..................;.u4......c......,T.,..`......L`.....,T.M..`TF...e.L`.....TSb............. RfR..\....__webpack_modules__..$Rg."......__webpack_module_cache__..Re>=<V....leafPrototypes....RcR.jb....getProto. Rf.\.*....__webpack_require__.. Rf..5....__webpack_exports__.e........................I`....Daz.....h..,T.t.`......L`......Rc........exports..$..a...........C..Rc........loaded..H.@...a...........RI..H....4KkX........(.`...\. ...d.....t.h.....0.K.........w@................/....-.......}......3.....4.........../...-....-....-..........\.....2...-.....(Sb............,`....Dab.h.0.h.......e..........0.`............H......8Q.4..d-)...https://web.whatsapp.com/serviceworker.js...a........Db............D`.........A.`............,T.X..`n.....L`.....0Sb.............1.`$.....Rc........14462...`....Da..........,T....`.......L`D....Q.Sb....................1......q......q..........q...........1...q...q...................q...1..........1..........q

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\ScriptCache\index

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):24
                                                                                                                                                                                                    Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:m+l:m
                                                                                                                                                                                                    MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                    SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                    SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                    SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:0\r..m..................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\ScriptCache\index-dir\temp-index

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):72
                                                                                                                                                                                                    Entropy (8bit):3.565412423760729
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Psu00Xl/lllHlxEPBllt3liU+:UujIPBlop
                                                                                                                                                                                                    MD5:6712F45BCD07EDB6A92C58D2C05B44C5
                                                                                                                                                                                                    SHA1:3D70763AE4C8E5F5E813ADF666671330DD7EFA36
                                                                                                                                                                                                    SHA-256:5A06E76C1B9E98F45E8296AF5E3970BB3FC93FA1DEE5D58910B4CE37349D2F28
                                                                                                                                                                                                    SHA-512:8C88AEFCE48D0C0C95E7FC85C144BA264CA6E8879914A973F1169CFC9EA24D328FA85D9A5FFFB308EB74543DD42BA929FE38544915AC3B208B04202E093C7548
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:@....wb.oy retne.........................X....,d$................K>.q/.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):72
                                                                                                                                                                                                    Entropy (8bit):3.565412423760729
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Psu00Xl/lllHlxEPBllt3liU+:UujIPBlop
                                                                                                                                                                                                    MD5:6712F45BCD07EDB6A92C58D2C05B44C5
                                                                                                                                                                                                    SHA1:3D70763AE4C8E5F5E813ADF666671330DD7EFA36
                                                                                                                                                                                                    SHA-256:5A06E76C1B9E98F45E8296AF5E3970BB3FC93FA1DEE5D58910B4CE37349D2F28
                                                                                                                                                                                                    SHA-512:8C88AEFCE48D0C0C95E7FC85C144BA264CA6E8879914A973F1169CFC9EA24D328FA85D9A5FFFB308EB74543DD42BA929FE38544915AC3B208B04202E093C7548
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:@....wb.oy retne.........................X....,d$................K>.q/.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF623e54.TMP (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):72
                                                                                                                                                                                                    Entropy (8bit):3.565412423760729
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:Psu00Xl/lllHlxEPBllt3liU+:UujIPBlop
                                                                                                                                                                                                    MD5:6712F45BCD07EDB6A92C58D2C05B44C5
                                                                                                                                                                                                    SHA1:3D70763AE4C8E5F5E813ADF666671330DD7EFA36
                                                                                                                                                                                                    SHA-256:5A06E76C1B9E98F45E8296AF5E3970BB3FC93FA1DEE5D58910B4CE37349D2F28
                                                                                                                                                                                                    SHA-512:8C88AEFCE48D0C0C95E7FC85C144BA264CA6E8879914A973F1169CFC9EA24D328FA85D9A5FFFB308EB74543DD42BA929FE38544915AC3B208B04202E093C7548
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:@....wb.oy retne.........................X....,d$................K>.q/.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Session Storage\000001.dbtmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:MANIFEST-000001.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Session Storage\000003.log

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:modified
                                                                                                                                                                                                    Size (bytes):273
                                                                                                                                                                                                    Entropy (8bit):4.63778242956347
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:S85aEFljljlnlaDaOBB1KcwgPSRiT2cN/14E+B2ORI:S+a8ljljlnNOBvFP8K2WqD2ORI
                                                                                                                                                                                                    MD5:7D92E08A1BB0C589B232CC9F8FAD34BD
                                                                                                                                                                                                    SHA1:9E0D2EEC04F8C695340663603CEC5B6467391453
                                                                                                                                                                                                    SHA-256:7397BB64D68AD1D051C55067848C775CCEC1AFB38EE1FDAE0CCEFBFC22B718EF
                                                                                                                                                                                                    SHA-512:2759A2983F99A56B469ABC0A7791FFC7E80B8D0CF6268CD6F05A4947512552E5CF9A9C7BF7B77C62EF6EB760914BE3DEA8186214E1C064D75618F2492A47880E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:*...#................version.1..namespace-..&f.................&f.................&f...............2...g................next-map-id.1.Hnamespace-10d925f5_176b_4174_af39_8256792926c8-https://web.whatsapp.com/.0).i.9................map-0-storage_test.s.t.o.r.a.g.e._.t.e.s.t.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Session Storage\CURRENT (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:MANIFEST-000001.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Session Storage\LOG

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):345
                                                                                                                                                                                                    Entropy (8bit):5.260161100907398
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:Fr9c1L+q2PwknaZ5KrWLYQV+dWQMxIFUt88r3WEQGNjKWZmw+8r3Y1LVkwOwkna/:Z61L+vYrHUdHFUt8e3WE52W/+e3Y1LV/
                                                                                                                                                                                                    MD5:BDF2B3243BE067D08FE759BC6A6723DE
                                                                                                                                                                                                    SHA1:C19B1A2C0896342A7D1D2ADE498F6178FC58D94B
                                                                                                                                                                                                    SHA-256:6DBEBC256B3C859BB5617E9FD4CD7B86CA8CCF6F615C0BEC76991656D018F880
                                                                                                                                                                                                    SHA-512:2F8CE510742D6786BE022403C7197243AFCC56928F0544D4AE074294C0D08D0D672F1FCE72A5DCC1BBBFED9D85ED9ED42D3F8A1786C961CE3EBF54F2314E8ED5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:2024/03/10-17:31:19.303 b5c Reusing MANIFEST C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Session Storage/MANIFEST-000001.2024/03/10-17:31:19.933 b5c Recovering log #3.2024/03/10-17:31:19.943 b5c Reusing old log C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Session Storage/000003.log .

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Session Storage\LOG.old (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):345
                                                                                                                                                                                                    Entropy (8bit):5.260161100907398
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:Fr9c1L+q2PwknaZ5KrWLYQV+dWQMxIFUt88r3WEQGNjKWZmw+8r3Y1LVkwOwkna/:Z61L+vYrHUdHFUt8e3WE52W/+e3Y1LV/
                                                                                                                                                                                                    MD5:BDF2B3243BE067D08FE759BC6A6723DE
                                                                                                                                                                                                    SHA1:C19B1A2C0896342A7D1D2ADE498F6178FC58D94B
                                                                                                                                                                                                    SHA-256:6DBEBC256B3C859BB5617E9FD4CD7B86CA8CCF6F615C0BEC76991656D018F880
                                                                                                                                                                                                    SHA-512:2F8CE510742D6786BE022403C7197243AFCC56928F0544D4AE074294C0D08D0D672F1FCE72A5DCC1BBBFED9D85ED9ED42D3F8A1786C961CE3EBF54F2314E8ED5
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:2024/03/10-17:31:19.303 b5c Reusing MANIFEST C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Session Storage/MANIFEST-000001.2024/03/10-17:31:19.933 b5c Recovering log #3.2024/03/10-17:31:19.943 b5c Reusing old log C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Session Storage/000003.log .

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Session Storage\MANIFEST-000001

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Site Characteristics Database\000001.dbtmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:MANIFEST-000001.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Site Characteristics Database\000003.log

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):40
                                                                                                                                                                                                    Entropy (8bit):3.473726825238924
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:41tt0diERGn:et084G
                                                                                                                                                                                                    MD5:148079685E25097536785F4536AF014B
                                                                                                                                                                                                    SHA1:C5FF5B1B69487A9DD4D244D11BBAFA91708C1A41
                                                                                                                                                                                                    SHA-256:F096BC366A931FBA656BDCD77B24AF15A5F29FC53281A727C79F82C608ECFAB8
                                                                                                                                                                                                    SHA-512:C2556034EA51ABFBC172EB62FF11F5AC45C317F84F39D4B9E3DDBD0190DA6EF7FA03FE63631B97AB806430442974A07F8E81B5F7DC52D9F2FCDC669ADCA8D91F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.On.!................database_metadata.1

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Site Characteristics Database\CURRENT (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:MANIFEST-000001.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Site Characteristics Database\LOG

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):376
                                                                                                                                                                                                    Entropy (8bit):5.267385140532919
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:FrjcM+q2PwknaZ5KrWLYQV+dUUh2ghZIFUt88rbJZmw+8rhvcMVkwOwknaZ5KrWq:ZgM+vYrHUdrhHh2FUt8eN/+eWMV5JrHs
                                                                                                                                                                                                    MD5:6015FA88F167F9384E501695E9120816
                                                                                                                                                                                                    SHA1:E89ACD6B6DE9782B564C65A91E5FB2B2C98B98B7
                                                                                                                                                                                                    SHA-256:B5C31D9073C4A372A87AC03B28416AB6396B9CEDCABEAB339E0EC67A6FD72172
                                                                                                                                                                                                    SHA-512:2570650B11585EE70572C4AA67C43382B6A0FFD7B896638C451323D3C72785B7159068C5F2CAC0514CF32E64ED509541CE351C20337A1D269DAA90F306F6C673
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:2024/03/10-17:31:17.525 19fc Reusing MANIFEST C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Site Characteristics Database/MANIFEST-000001.2024/03/10-17:31:17.561 19fc Recovering log #3.2024/03/10-17:31:17.563 19fc Reusing old log C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Site Characteristics Database/000003.log .

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Site Characteristics Database\LOG.old (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):376
                                                                                                                                                                                                    Entropy (8bit):5.267385140532919
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:FrjcM+q2PwknaZ5KrWLYQV+dUUh2ghZIFUt88rbJZmw+8rhvcMVkwOwknaZ5KrWq:ZgM+vYrHUdrhHh2FUt8eN/+eWMV5JrHs
                                                                                                                                                                                                    MD5:6015FA88F167F9384E501695E9120816
                                                                                                                                                                                                    SHA1:E89ACD6B6DE9782B564C65A91E5FB2B2C98B98B7
                                                                                                                                                                                                    SHA-256:B5C31D9073C4A372A87AC03B28416AB6396B9CEDCABEAB339E0EC67A6FD72172
                                                                                                                                                                                                    SHA-512:2570650B11585EE70572C4AA67C43382B6A0FFD7B896638C451323D3C72785B7159068C5F2CAC0514CF32E64ED509541CE351C20337A1D269DAA90F306F6C673
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:2024/03/10-17:31:17.525 19fc Reusing MANIFEST C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Site Characteristics Database/MANIFEST-000001.2024/03/10-17:31:17.561 19fc Recovering log #3.2024/03/10-17:31:17.563 19fc Reusing old log C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Site Characteristics Database/000003.log .

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Site Characteristics Database\MANIFEST-000001

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Sync Data\LevelDB\000001.dbtmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:MANIFEST-000001.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Sync Data\LevelDB\000003.log

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):46
                                                                                                                                                                                                    Entropy (8bit):4.019797536844534
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:sLollttz6sjlGXU2tkn:qolXtWswXU2tkn
                                                                                                                                                                                                    MD5:90881C9C26F29FCA29815A08BA858544
                                                                                                                                                                                                    SHA1:06FEE974987B91D82C2839A4BB12991FA99E1BDD
                                                                                                                                                                                                    SHA-256:A2CA52E34B6138624AC2DD20349CDE28482143B837DB40A7F0FBDA023077C26A
                                                                                                                                                                                                    SHA-512:15F7F8197B4FC46C4C5C2570FB1F6DD73CB125F9EE53DFA67F5A0D944543C5347BDAB5CCE95E91DD6C948C9023E23C7F9D76CFF990E623178C92F8D49150A625
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:...n'................_mts_schema_descriptor...

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Sync Data\LevelDB\CURRENT (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:MANIFEST-000001.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Sync Data\LevelDB\LOG

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):352
                                                                                                                                                                                                    Entropy (8bit):5.350206916118494
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:FrYIq2PwknaZ5KrWLYQV+dWIFUt88rCCZmw+8rvZFkwOwknaZ5KrWLYQV+dv/WLJ:Z5vYrHUdPFUt8eCC/+ef5JrHUdvUJ
                                                                                                                                                                                                    MD5:B925844D5CC4DCD577D294BE224CDBC4
                                                                                                                                                                                                    SHA1:26E53C27C678AD4F2A2C340D57AF7845816825CC
                                                                                                                                                                                                    SHA-256:53FC1A5011BBF225F77E2A15EA95E95C7C5692EC98F236A6887EC8B0A35E9C74
                                                                                                                                                                                                    SHA-512:80BAF6780CFDB92B3FB72167C7B1FFEB7065736F1CA62D10E21AC7C67C249872C525E26EB5890E1B9098276D20F86C9B74B67AB90CF664911E9A150CC338CA83
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:2024/03/10-17:31:18.296 1960 Reusing MANIFEST C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Sync Data\LevelDB/MANIFEST-000001.2024/03/10-17:31:18.587 1960 Recovering log #3.2024/03/10-17:31:18.592 1960 Reusing old log C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Sync Data\LevelDB/000003.log .

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Sync Data\LevelDB\LOG.old (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):352
                                                                                                                                                                                                    Entropy (8bit):5.350206916118494
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:FrYIq2PwknaZ5KrWLYQV+dWIFUt88rCCZmw+8rvZFkwOwknaZ5KrWLYQV+dv/WLJ:Z5vYrHUdPFUt8eCC/+ef5JrHUdvUJ
                                                                                                                                                                                                    MD5:B925844D5CC4DCD577D294BE224CDBC4
                                                                                                                                                                                                    SHA1:26E53C27C678AD4F2A2C340D57AF7845816825CC
                                                                                                                                                                                                    SHA-256:53FC1A5011BBF225F77E2A15EA95E95C7C5692EC98F236A6887EC8B0A35E9C74
                                                                                                                                                                                                    SHA-512:80BAF6780CFDB92B3FB72167C7B1FFEB7065736F1CA62D10E21AC7C67C249872C525E26EB5890E1B9098276D20F86C9B74B67AB90CF664911E9A150CC338CA83
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:2024/03/10-17:31:18.296 1960 Reusing MANIFEST C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Sync Data\LevelDB/MANIFEST-000001.2024/03/10-17:31:18.587 1960 Recovering log #3.2024/03/10-17:31:18.592 1960 Reusing old log C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Sync Data\LevelDB/000003.log .

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Sync Data\LevelDB\MANIFEST-000001

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Top Sites

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):20480
                                                                                                                                                                                                    Entropy (8bit):0.3528485475628876
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:TLiN6CZhDu6MvDOF5yEHFxOUwa5qguYZ75fOSiPe2d:TLiwCZwE8I6Uwcco5fBtC
                                                                                                                                                                                                    MD5:F2B4FB2D384AA4E4D6F4AEB0BBA217DC
                                                                                                                                                                                                    SHA1:2CD70CFB3CE72D9B079170C360C1F563B6BF150E
                                                                                                                                                                                                    SHA-256:1ECC07CD1D383472DAD33D2A5766625009EA5EACBAEDE2417ADA1842654CBBC8
                                                                                                                                                                                                    SHA-512:48D03991660FA1598B3E002F5BC5F0F05E9696BCB2289240FA8CCBB2C030CDD23245D4ECC0C64DA1E7C54B092C3E60AE0427358F63087018BF0E6CEDC471DD34
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j..........g.....4....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Visited Links

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):131072
                                                                                                                                                                                                    Entropy (8bit):0.0033769341339387224
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:ImtVuMrQ9Igrlll:IiVuME9n/l
                                                                                                                                                                                                    MD5:73BEA001EDC64D57237BBFBBA2A97C4A
                                                                                                                                                                                                    SHA1:DF9C09F667F8670E60EAFF854AD80E06AAE52686
                                                                                                                                                                                                    SHA-256:63D39E580EC5F811E8D93DC9DE4285EAB174C04CB0CA4D15F79DB4BDB7C9CCF8
                                                                                                                                                                                                    SHA-512:033276F05E67F82D04646009913E20904FA63049B5AA4FC366EF6853248A2347AD039C99F96097A317138503C1E26185A9A96CF55BBED5AFAC31BD9F272F38A6
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:VLnk.....?......3\.*...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Web Data

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 4, database pages 87, cookie 0x36, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):178176
                                                                                                                                                                                                    Entropy (8bit):0.9328735337338357
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:192:h2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+c:h2qOB1nxCkvSAELyKOMq+c
                                                                                                                                                                                                    MD5:1CB76F630E428DE01087C25758DCB804
                                                                                                                                                                                                    SHA1:09AE3969DD5FBFCB081D970D6FD2DC3C172DE5E7
                                                                                                                                                                                                    SHA-256:7A721C305AB19AFFD79432DC3112F9DC2E7F593987B0941387B9AE3C61A39ED3
                                                                                                                                                                                                    SHA-512:03DA43E7DCE73A4753F60F1F224FCE79A3F531DA412E95736631913836325114AA9BA4FD301E8C830CE8EAC513879FF22694A24BE7B4D426658653C828A97685
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:SQLite format 3......@ .......W...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\WebStorage\QuotaManager

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):40960
                                                                                                                                                                                                    Entropy (8bit):0.47200910754358677
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcBSRAH4v:v7doKsKuKZKlZNmu46yjxY
                                                                                                                                                                                                    MD5:E4AF1B0C4AAF22F6DEBF09B35EB31442
                                                                                                                                                                                                    SHA1:836A058652354990FD3165BF1273CB8E541C5B0A
                                                                                                                                                                                                    SHA-256:5CB57B41E40C59B0B17E79ABF9B247AF2383CD431EB88A79877EF2AA6BF9133D
                                                                                                                                                                                                    SHA-512:ABB45EE285B0590F7FDFB45855933A392755CE430C491BB85604469BA42264D369AF4BF53F9F1E3BFC6BCFCC0656099B89B163684F0CA57FCB518A6DF6C7A619
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j.......w..g...........M...w..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\databases\Databases.db

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):28672
                                                                                                                                                                                                    Entropy (8bit):0.3410017321959524
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                                                                                                                                                    MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                                                                                                                                                    SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                                                                                                                                                    SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                                                                                                                                                    SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j..........g.....P....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\heavy_ad_intervention_opt_out.db

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16384
                                                                                                                                                                                                    Entropy (8bit):0.35226517389931394
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:TLC+waBg9LBgVDBgQjiZBgKuFtuQkMbmgcVAzO5kMCgGUg5OR:TLPdBgtBgJBgQjiZS53uQFE27MCgGZsR
                                                                                                                                                                                                    MD5:D2CCDC36225684AAE8FA563AFEDB14E7
                                                                                                                                                                                                    SHA1:3759649035F23004A4C30A14C5F0B54191BEBF80
                                                                                                                                                                                                    SHA-256:080AEE864047C67CB1586A5BA5EDA007AFD18ECC2B702638287E386F159D7AEE
                                                                                                                                                                                                    SHA-512:1A915AF643D688CA68AEDC1FF26C407D960D18DFDE838B417C437D7ADAC7B91C906E782DCC414784E64287915BD1DE5BB6A282E59AA9FEB8C384B4D4BC5F70EC
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:SQLite format 3......@ ..........................................................................j.......Q......Q......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\shared_proto_db\000001.dbtmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:MANIFEST-000001.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\shared_proto_db\000003.log

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):1416
                                                                                                                                                                                                    Entropy (8bit):5.408212673381656
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:g887SBSAX/o/HPZWJHRHMIIit2YKIt2YKl3KcMQNkQCMYKIMYKkyPAlkfAlkF3:g887SBSaQ/PqHRHMxiIYjIYszMqkdMYO
                                                                                                                                                                                                    MD5:F2CC4DB48ED2B9FD9AABDF08A8E43E7C
                                                                                                                                                                                                    SHA1:FA44F88F20B2A93E04F1DA2170527E97E06A4446
                                                                                                                                                                                                    SHA-256:87CA1349B0EC213F6815EE445066E3F8DFE30534A71E277F9EFC3BB9BBB554FD
                                                                                                                                                                                                    SHA-512:E8404777427448F8CF84618D7B608DEE18495A9B120C354B1201CACF266E0FA98856A6628C0A7FF706C410A9F7BD79386E3F52CF5B87EC5C2CC22A4683E27C9E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:A..r.................20_1_1...1.,U.................20_1_1...1..&f...............Y<.B.................4_IPH_CompanionSidePanel...IPH_CompanionSidePanel....$4_IPH_CompanionSidePanelRegionSearch(."IPH_CompanionSidePanelRegionSearch.....4_IPH_DownloadToolbarButton...IPH_DownloadToolbarButton....&4_IPH_FocusHelpBubbleScreenReaderPromo*.$IPH_FocusHelpBubbleScreenReaderPromo.....4_IPH_GMCCastStartStop...IPH_GMCCastStartStop.....4_IPH_HighEfficiencyMode...IPH_HighEfficiencyMode.....4_IPH_LiveCaption...IPH_LiveCaption.....4_IPH_PasswordsAccountStorage!..IPH_PasswordsAccountStorage...."4_IPH_PasswordsWebAppProfileSwitch&. IPH_PasswordsWebAppProfileSwitch....-4_IPH_PriceInsightsPageActionIconLabelFeature1.+IPH_PriceInsightsPageActionIconLabelFeature.....4_IPH_PriceTrackingChipFeature"..IPH_PriceTrackingChipFeature....&4_IPH_PriceTrackingEmailConsentFeature*.$IPH_PriceTrackingEmailConsentFeature....-4_IPH_PriceTrackingPageActionIconLabelFeature1.+IPH_PriceTrackingPageActionIconLabelFe

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\shared_proto_db\CURRENT (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:MANIFEST-000001.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\shared_proto_db\LOG

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):348
                                                                                                                                                                                                    Entropy (8bit):5.381713394874629
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:FrsvcM+q2PwknaZ5KrWLYQV+d4rK+IFUt88reNJZmw+8rEccMVkwOwknaZ5KrWLL:Zs0M+vYrHUd53FUt8eeX/+eiMV5JrHUA
                                                                                                                                                                                                    MD5:73FC05B2D36D318A103C93F594BEEE80
                                                                                                                                                                                                    SHA1:C22B3394D6236DDE2A7F717FDBEA6235534707AF
                                                                                                                                                                                                    SHA-256:72BB23D96A1CE827096F134546DE751CABF06DFA188FC992EF20DEC0DBC7E31C
                                                                                                                                                                                                    SHA-512:92D4CD3944DF26D663BCC528DC044A4B5FBA67BA2F818F22D47D2CB852AF05F000338CC2938AF3F142111BF182AF59E13D9CC45331C606CBFE7DBB5D134FBE47
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:2024/03/10-17:31:17.849 19fc Reusing MANIFEST C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\shared_proto_db/MANIFEST-000001.2024/03/10-17:31:17.865 19fc Recovering log #3.2024/03/10-17:31:17.866 19fc Reusing old log C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\shared_proto_db/000003.log .

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\shared_proto_db\LOG.old (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):348
                                                                                                                                                                                                    Entropy (8bit):5.381713394874629
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:FrsvcM+q2PwknaZ5KrWLYQV+d4rK+IFUt88reNJZmw+8rEccMVkwOwknaZ5KrWLL:Zs0M+vYrHUd53FUt8eeX/+eiMV5JrHUA
                                                                                                                                                                                                    MD5:73FC05B2D36D318A103C93F594BEEE80
                                                                                                                                                                                                    SHA1:C22B3394D6236DDE2A7F717FDBEA6235534707AF
                                                                                                                                                                                                    SHA-256:72BB23D96A1CE827096F134546DE751CABF06DFA188FC992EF20DEC0DBC7E31C
                                                                                                                                                                                                    SHA-512:92D4CD3944DF26D663BCC528DC044A4B5FBA67BA2F818F22D47D2CB852AF05F000338CC2938AF3F142111BF182AF59E13D9CC45331C606CBFE7DBB5D134FBE47
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:2024/03/10-17:31:17.849 19fc Reusing MANIFEST C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\shared_proto_db/MANIFEST-000001.2024/03/10-17:31:17.865 19fc Recovering log #3.2024/03/10-17:31:17.866 19fc Reusing old log C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\shared_proto_db/000003.log .

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\shared_proto_db\MANIFEST-000001

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\shared_proto_db\metadata\000001.dbtmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:MANIFEST-000001.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\shared_proto_db\metadata\000003.log

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):589
                                                                                                                                                                                                    Entropy (8bit):3.975692584252663
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:G0nYUtTNop//73K5t/b8gMWlJhC+lvBXJSge9G:G0nYUtypL3K3bPvhC+lvBJ
                                                                                                                                                                                                    MD5:AEF39F37308240654CBCE40C92683259
                                                                                                                                                                                                    SHA1:2E1F0EDB7837EF070A3B0296A703A316470036F0
                                                                                                                                                                                                    SHA-256:431A499548049BA3A9133F4C3C8C545C6F03F56FE11F36ECD6BBE24D796F9665
                                                                                                                                                                                                    SHA-512:833061716FA13E926AE26069185FD93B5752314B6EC0D0C5E4D7EBE6FDEBCF6B243DF07638B16172DED476791071EBA2E162062BE2420FBEFB2592BE611C04FA
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.......KD.................__global... .X...................20_.....W.J+.................19_......qY.................18_.....5oP..................3_.......\4.................4_........].................20_.....Owa..................20_.....`..N.................19_.....D8.X.................18_.....#..#.................3_..........................4_..........................9_.....3V.~.................9_.....

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\shared_proto_db\metadata\CURRENT (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):16
                                                                                                                                                                                                    Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                    MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                    SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                    SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                    SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:MANIFEST-000001.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\shared_proto_db\metadata\LOG

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):366
                                                                                                                                                                                                    Entropy (8bit):5.325613865885722
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:FrXuvcM+q2PwknaZ5KrWLYQV+d4rzAdIFUt88rPNJZmw+8rIYcMVkwOwknaZ5KrR:ZXu0M+vYrHUduFUt8ePX/+ewMV5JrHUh
                                                                                                                                                                                                    MD5:BE31D22C17046C75ED47F78806AE546E
                                                                                                                                                                                                    SHA1:415F5395CD54D295C94AC24132D88081B8227D0F
                                                                                                                                                                                                    SHA-256:DDB20ADC418B68D8CA9C60B732B3E9F5C84FC2FAA0D789864BFECFDA980F8E9B
                                                                                                                                                                                                    SHA-512:AB04C1533CEFC85EF14EDE36281CFD4C1FCBDE3419A29F05909373CFA91BC93954DC5DEE9E3C88C871349B9E29A3DC576D724F7AD26D150C5FB4719A9A416DAA
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:2024/03/10-17:31:17.766 19fc Reusing MANIFEST C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\shared_proto_db\metadata/MANIFEST-000001.2024/03/10-17:31:17.817 19fc Recovering log #3.2024/03/10-17:31:17.819 19fc Reusing old log C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\shared_proto_db\metadata/000003.log .

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\shared_proto_db\metadata\LOG.old (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):366
                                                                                                                                                                                                    Entropy (8bit):5.325613865885722
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:FrXuvcM+q2PwknaZ5KrWLYQV+d4rzAdIFUt88rPNJZmw+8rIYcMVkwOwknaZ5KrR:ZXu0M+vYrHUduFUt8ePX/+ewMV5JrHUh
                                                                                                                                                                                                    MD5:BE31D22C17046C75ED47F78806AE546E
                                                                                                                                                                                                    SHA1:415F5395CD54D295C94AC24132D88081B8227D0F
                                                                                                                                                                                                    SHA-256:DDB20ADC418B68D8CA9C60B732B3E9F5C84FC2FAA0D789864BFECFDA980F8E9B
                                                                                                                                                                                                    SHA-512:AB04C1533CEFC85EF14EDE36281CFD4C1FCBDE3419A29F05909373CFA91BC93954DC5DEE9E3C88C871349B9E29A3DC576D724F7AD26D150C5FB4719A9A416DAA
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:2024/03/10-17:31:17.766 19fc Reusing MANIFEST C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\shared_proto_db\metadata/MANIFEST-000001.2024/03/10-17:31:17.817 19fc Recovering log #3.2024/03/10-17:31:17.819 19fc Reusing old log C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\shared_proto_db\metadata/000003.log .

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\shared_proto_db\metadata\MANIFEST-000001

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:OpenPGP Secret Key
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):41
                                                                                                                                                                                                    Entropy (8bit):4.704993772857998
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                    MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                    SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                    SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                    SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\GrShaderCache\data_0

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                    Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:MsFl:/F
                                                                                                                                                                                                    MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                    SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                    SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                    SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\GrShaderCache\data_1

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):270336
                                                                                                                                                                                                    Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                    MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                    SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                    SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                    SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\GrShaderCache\data_2

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                    Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                    MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                    SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                    SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                    SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\GrShaderCache\data_3

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                    Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                    MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                    SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                    SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                    SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\GrShaderCache\index

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):262512
                                                                                                                                                                                                    Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:LsNl/8Tl:Ls3Il
                                                                                                                                                                                                    MD5:6C479590C4A536BC19FA5DDBC3542176
                                                                                                                                                                                                    SHA1:A7C1D588A356F9B43705DE1D8D453EBBF1B75BBB
                                                                                                                                                                                                    SHA-256:2CB72379C5046E4926D20795DE50EF39DB9B878D106CA5B51C158CC806960BB6
                                                                                                                                                                                                    SHA-512:2362A793E85DB9AE418E67C77B7875EB3FADED2F7C708060A8F0DCEEBBA580FA16210469971BC9401C83FE194DBB77412A875B7BD2092D60211135975720F7CE
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:........................................PG.<.q/.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\GraphiteDawnCache\data_0

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                    Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:MsFl:/F
                                                                                                                                                                                                    MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                    SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                    SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                    SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\GraphiteDawnCache\data_1

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):270336
                                                                                                                                                                                                    Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                    MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                    SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                    SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                    SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\GraphiteDawnCache\data_2

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                    Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                    MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                    SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                    SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                    SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\GraphiteDawnCache\data_3

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                    Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                    MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                    SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                    SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                    SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\GraphiteDawnCache\index

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):262512
                                                                                                                                                                                                    Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:LsNl:Ls3
                                                                                                                                                                                                    MD5:51F30379089ABC142E8701E72C26D016
                                                                                                                                                                                                    SHA1:17333A5271CBD30943978F1BCECED3318D7A1A7D
                                                                                                                                                                                                    SHA-256:6FE539128F1CFBE62492FF65190C5F8751A034C62849BB7798666CC7A17A172B
                                                                                                                                                                                                    SHA-512:30E73D3DD1DA6A241CFA7A1706A7423922617CA119AD881446DABC0B4112828642C79E845C42DE997ADCD575EFFE7A9A147E0DE1B170E19B924E82C0DAF2ED74
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.........................................+.<.q/.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Last Version

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):13
                                                                                                                                                                                                    Entropy (8bit):2.7192945256669794
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                                                                    MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                                                                    SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                                                                    SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                                                                    SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:117.0.2045.47

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Local State (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):949
                                                                                                                                                                                                    Entropy (8bit):5.6834948680070525
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:YKWJu5rrtI+9nZLyUW83DUH6pBZfaeCUWO4czIbvX0QQRCYfYg:Yqfq6UULIHIB1ZH4czCvZB0
                                                                                                                                                                                                    MD5:5E498BB75009739104901BE011470B60
                                                                                                                                                                                                    SHA1:8AC02790BCEE6BC3237F00770A4754B8F2ACD759
                                                                                                                                                                                                    SHA-256:2E6E8FE1D79C2D35A40FBF69D9E3833AD501362527493BD859844E8D234B4206
                                                                                                                                                                                                    SHA-512:1A70A51CD440479905D5297AB77BE4FF2ADCFEB3E842242CB87461A3BC8507A46EE8A67A407B63163B1945EE26C8F76DBCC227F7736B90B8B28BCE2E6A165485
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABgeMgLbTHqT4ZdtySMAHWvEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAADlzDCh0OPky8yw7bsie0rKFKneHA/kx1kyF7EN3ed+cQAAAAAOgAAAAAIAACAAAABZDcy2+MV59fH/50Y/NbTYCxbv1ErctHXne9S5dCGYTTAAAAAo0dMALsmk9bPktOPAt7Qnm8i5+3YRs3o6oaUyfg/N8kkxL5Gr2eqBwQ/ahjcsFgRAAAAABZn0u/6sLNl/Ewtdq2E3cxyRTMl+UiEpnhu85exQ1p8F3tiHZeLlUgFKxjH/+8sdYfhmQyk01nQ9+OcGqyrVCA=="},"uninstall_metrics":{"installation_date2":"1710088262"},"user_experience_metrics":{"client_id2":"{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}C:\\Users\\user0s:92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A","diagnostics":{"last_data_collection_level_on_launch":1},"low_entropy_source3":3779,"pseudo_low_entropy_source":565,"reset_client_id_deterministic":true,"stability":{"browser_last_live_timestamp":"13354561862731533","stats_buildtime":"1695934310","stats_version":"117.0.2045.47-64","system_crash_count":0}}}

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Local State~RF615963.TMP (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):949
                                                                                                                                                                                                    Entropy (8bit):5.6834948680070525
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:YKWJu5rrtI+9nZLyUW83DUH6pBZfaeCUWO4czIbvX0QQRCYfYg:Yqfq6UULIHIB1ZH4czCvZB0
                                                                                                                                                                                                    MD5:5E498BB75009739104901BE011470B60
                                                                                                                                                                                                    SHA1:8AC02790BCEE6BC3237F00770A4754B8F2ACD759
                                                                                                                                                                                                    SHA-256:2E6E8FE1D79C2D35A40FBF69D9E3833AD501362527493BD859844E8D234B4206
                                                                                                                                                                                                    SHA-512:1A70A51CD440479905D5297AB77BE4FF2ADCFEB3E842242CB87461A3BC8507A46EE8A67A407B63163B1945EE26C8F76DBCC227F7736B90B8B28BCE2E6A165485
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABgeMgLbTHqT4ZdtySMAHWvEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAADlzDCh0OPky8yw7bsie0rKFKneHA/kx1kyF7EN3ed+cQAAAAAOgAAAAAIAACAAAABZDcy2+MV59fH/50Y/NbTYCxbv1ErctHXne9S5dCGYTTAAAAAo0dMALsmk9bPktOPAt7Qnm8i5+3YRs3o6oaUyfg/N8kkxL5Gr2eqBwQ/ahjcsFgRAAAAABZn0u/6sLNl/Ewtdq2E3cxyRTMl+UiEpnhu85exQ1p8F3tiHZeLlUgFKxjH/+8sdYfhmQyk01nQ9+OcGqyrVCA=="},"uninstall_metrics":{"installation_date2":"1710088262"},"user_experience_metrics":{"client_id2":"{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}C:\\Users\\user0s:92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A","diagnostics":{"last_data_collection_level_on_launch":1},"low_entropy_source3":3779,"pseudo_low_entropy_source":565,"reset_client_id_deterministic":true,"stability":{"browser_last_live_timestamp":"13354561862731533","stats_buildtime":"1695934310","stats_version":"117.0.2045.47-64","system_crash_count":0}}}

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Local State~RF615a7c.TMP (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):949
                                                                                                                                                                                                    Entropy (8bit):5.6834948680070525
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:YKWJu5rrtI+9nZLyUW83DUH6pBZfaeCUWO4czIbvX0QQRCYfYg:Yqfq6UULIHIB1ZH4czCvZB0
                                                                                                                                                                                                    MD5:5E498BB75009739104901BE011470B60
                                                                                                                                                                                                    SHA1:8AC02790BCEE6BC3237F00770A4754B8F2ACD759
                                                                                                                                                                                                    SHA-256:2E6E8FE1D79C2D35A40FBF69D9E3833AD501362527493BD859844E8D234B4206
                                                                                                                                                                                                    SHA-512:1A70A51CD440479905D5297AB77BE4FF2ADCFEB3E842242CB87461A3BC8507A46EE8A67A407B63163B1945EE26C8F76DBCC227F7736B90B8B28BCE2E6A165485
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABgeMgLbTHqT4ZdtySMAHWvEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAADlzDCh0OPky8yw7bsie0rKFKneHA/kx1kyF7EN3ed+cQAAAAAOgAAAAAIAACAAAABZDcy2+MV59fH/50Y/NbTYCxbv1ErctHXne9S5dCGYTTAAAAAo0dMALsmk9bPktOPAt7Qnm8i5+3YRs3o6oaUyfg/N8kkxL5Gr2eqBwQ/ahjcsFgRAAAAABZn0u/6sLNl/Ewtdq2E3cxyRTMl+UiEpnhu85exQ1p8F3tiHZeLlUgFKxjH/+8sdYfhmQyk01nQ9+OcGqyrVCA=="},"uninstall_metrics":{"installation_date2":"1710088262"},"user_experience_metrics":{"client_id2":"{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}C:\\Users\\user0s:92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A","diagnostics":{"last_data_collection_level_on_launch":1},"low_entropy_source3":3779,"pseudo_low_entropy_source":565,"reset_client_id_deterministic":true,"stability":{"browser_last_live_timestamp":"13354561862731533","stats_buildtime":"1695934310","stats_version":"117.0.2045.47-64","system_crash_count":0}}}

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Local State~RF61674d.TMP (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):949
                                                                                                                                                                                                    Entropy (8bit):5.6834948680070525
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:YKWJu5rrtI+9nZLyUW83DUH6pBZfaeCUWO4czIbvX0QQRCYfYg:Yqfq6UULIHIB1ZH4czCvZB0
                                                                                                                                                                                                    MD5:5E498BB75009739104901BE011470B60
                                                                                                                                                                                                    SHA1:8AC02790BCEE6BC3237F00770A4754B8F2ACD759
                                                                                                                                                                                                    SHA-256:2E6E8FE1D79C2D35A40FBF69D9E3833AD501362527493BD859844E8D234B4206
                                                                                                                                                                                                    SHA-512:1A70A51CD440479905D5297AB77BE4FF2ADCFEB3E842242CB87461A3BC8507A46EE8A67A407B63163B1945EE26C8F76DBCC227F7736B90B8B28BCE2E6A165485
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABgeMgLbTHqT4ZdtySMAHWvEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAADlzDCh0OPky8yw7bsie0rKFKneHA/kx1kyF7EN3ed+cQAAAAAOgAAAAAIAACAAAABZDcy2+MV59fH/50Y/NbTYCxbv1ErctHXne9S5dCGYTTAAAAAo0dMALsmk9bPktOPAt7Qnm8i5+3YRs3o6oaUyfg/N8kkxL5Gr2eqBwQ/ahjcsFgRAAAAABZn0u/6sLNl/Ewtdq2E3cxyRTMl+UiEpnhu85exQ1p8F3tiHZeLlUgFKxjH/+8sdYfhmQyk01nQ9+OcGqyrVCA=="},"uninstall_metrics":{"installation_date2":"1710088262"},"user_experience_metrics":{"client_id2":"{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}C:\\Users\\user0s:92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A","diagnostics":{"last_data_collection_level_on_launch":1},"low_entropy_source3":3779,"pseudo_low_entropy_source":565,"reset_client_id_deterministic":true,"stability":{"browser_last_live_timestamp":"13354561862731533","stats_buildtime":"1695934310","stats_version":"117.0.2045.47-64","system_crash_count":0}}}

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Local State~RF61911c.TMP (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):949
                                                                                                                                                                                                    Entropy (8bit):5.6834948680070525
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:YKWJu5rrtI+9nZLyUW83DUH6pBZfaeCUWO4czIbvX0QQRCYfYg:Yqfq6UULIHIB1ZH4czCvZB0
                                                                                                                                                                                                    MD5:5E498BB75009739104901BE011470B60
                                                                                                                                                                                                    SHA1:8AC02790BCEE6BC3237F00770A4754B8F2ACD759
                                                                                                                                                                                                    SHA-256:2E6E8FE1D79C2D35A40FBF69D9E3833AD501362527493BD859844E8D234B4206
                                                                                                                                                                                                    SHA-512:1A70A51CD440479905D5297AB77BE4FF2ADCFEB3E842242CB87461A3BC8507A46EE8A67A407B63163B1945EE26C8F76DBCC227F7736B90B8B28BCE2E6A165485
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABgeMgLbTHqT4ZdtySMAHWvEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAADlzDCh0OPky8yw7bsie0rKFKneHA/kx1kyF7EN3ed+cQAAAAAOgAAAAAIAACAAAABZDcy2+MV59fH/50Y/NbTYCxbv1ErctHXne9S5dCGYTTAAAAAo0dMALsmk9bPktOPAt7Qnm8i5+3YRs3o6oaUyfg/N8kkxL5Gr2eqBwQ/ahjcsFgRAAAAABZn0u/6sLNl/Ewtdq2E3cxyRTMl+UiEpnhu85exQ1p8F3tiHZeLlUgFKxjH/+8sdYfhmQyk01nQ9+OcGqyrVCA=="},"uninstall_metrics":{"installation_date2":"1710088262"},"user_experience_metrics":{"client_id2":"{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}C:\\Users\\user0s:92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A","diagnostics":{"last_data_collection_level_on_launch":1},"low_entropy_source3":3779,"pseudo_low_entropy_source":565,"reset_client_id_deterministic":true,"stability":{"browser_last_live_timestamp":"13354561862731533","stats_buildtime":"1695934310","stats_version":"117.0.2045.47-64","system_crash_count":0}}}

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Local State~RF6195b0.TMP (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):949
                                                                                                                                                                                                    Entropy (8bit):5.6834948680070525
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:YKWJu5rrtI+9nZLyUW83DUH6pBZfaeCUWO4czIbvX0QQRCYfYg:Yqfq6UULIHIB1ZH4czCvZB0
                                                                                                                                                                                                    MD5:5E498BB75009739104901BE011470B60
                                                                                                                                                                                                    SHA1:8AC02790BCEE6BC3237F00770A4754B8F2ACD759
                                                                                                                                                                                                    SHA-256:2E6E8FE1D79C2D35A40FBF69D9E3833AD501362527493BD859844E8D234B4206
                                                                                                                                                                                                    SHA-512:1A70A51CD440479905D5297AB77BE4FF2ADCFEB3E842242CB87461A3BC8507A46EE8A67A407B63163B1945EE26C8F76DBCC227F7736B90B8B28BCE2E6A165485
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABgeMgLbTHqT4ZdtySMAHWvEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAADlzDCh0OPky8yw7bsie0rKFKneHA/kx1kyF7EN3ed+cQAAAAAOgAAAAAIAACAAAABZDcy2+MV59fH/50Y/NbTYCxbv1ErctHXne9S5dCGYTTAAAAAo0dMALsmk9bPktOPAt7Qnm8i5+3YRs3o6oaUyfg/N8kkxL5Gr2eqBwQ/ahjcsFgRAAAAABZn0u/6sLNl/Ewtdq2E3cxyRTMl+UiEpnhu85exQ1p8F3tiHZeLlUgFKxjH/+8sdYfhmQyk01nQ9+OcGqyrVCA=="},"uninstall_metrics":{"installation_date2":"1710088262"},"user_experience_metrics":{"client_id2":"{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}C:\\Users\\user0s:92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A","diagnostics":{"last_data_collection_level_on_launch":1},"low_entropy_source3":3779,"pseudo_low_entropy_source":565,"reset_client_id_deterministic":true,"stability":{"browser_last_live_timestamp":"13354561862731533","stats_buildtime":"1695934310","stats_version":"117.0.2045.47-64","system_crash_count":0}}}

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Local State~RF61bc82.TMP (copy)

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):949
                                                                                                                                                                                                    Entropy (8bit):5.6834948680070525
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:YKWJu5rrtI+9nZLyUW83DUH6pBZfaeCUWO4czIbvX0QQRCYfYg:Yqfq6UULIHIB1ZH4czCvZB0
                                                                                                                                                                                                    MD5:5E498BB75009739104901BE011470B60
                                                                                                                                                                                                    SHA1:8AC02790BCEE6BC3237F00770A4754B8F2ACD759
                                                                                                                                                                                                    SHA-256:2E6E8FE1D79C2D35A40FBF69D9E3833AD501362527493BD859844E8D234B4206
                                                                                                                                                                                                    SHA-512:1A70A51CD440479905D5297AB77BE4FF2ADCFEB3E842242CB87461A3BC8507A46EE8A67A407B63163B1945EE26C8F76DBCC227F7736B90B8B28BCE2E6A165485
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABgeMgLbTHqT4ZdtySMAHWvEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAADlzDCh0OPky8yw7bsie0rKFKneHA/kx1kyF7EN3ed+cQAAAAAOgAAAAAIAACAAAABZDcy2+MV59fH/50Y/NbTYCxbv1ErctHXne9S5dCGYTTAAAAAo0dMALsmk9bPktOPAt7Qnm8i5+3YRs3o6oaUyfg/N8kkxL5Gr2eqBwQ/ahjcsFgRAAAAABZn0u/6sLNl/Ewtdq2E3cxyRTMl+UiEpnhu85exQ1p8F3tiHZeLlUgFKxjH/+8sdYfhmQyk01nQ9+OcGqyrVCA=="},"uninstall_metrics":{"installation_date2":"1710088262"},"user_experience_metrics":{"client_id2":"{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}C:\\Users\\user0s:92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A","diagnostics":{"last_data_collection_level_on_launch":1},"low_entropy_source3":3779,"pseudo_low_entropy_source":565,"reset_client_id_deterministic":true,"stability":{"browser_last_live_timestamp":"13354561862731533","stats_buildtime":"1695934310","stats_version":"117.0.2045.47-64","system_crash_count":0}}}

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\ShaderCache\data_0

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                    Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:MsFl:/F
                                                                                                                                                                                                    MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                    SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                    SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                    SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\ShaderCache\data_1

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):270336
                                                                                                                                                                                                    Entropy (8bit):0.0012471779557650352
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:MsEllllkEthXllkl2zE:/M/xT02z
                                                                                                                                                                                                    MD5:F50F89A0A91564D0B8A211F8921AA7DE
                                                                                                                                                                                                    SHA1:112403A17DD69D5B9018B8CEDE023CB3B54EAB7D
                                                                                                                                                                                                    SHA-256:B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
                                                                                                                                                                                                    SHA-512:BF8CDA48CF1EC4E73F0DD1D4FA5562AF1836120214EDB74957430CD3E4A2783E801FA3F4ED2AFB375257CAEED4ABE958265237D6E0AACF35A9EDE7A2E8898D58
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\ShaderCache\data_2

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                    Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                    MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                    SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                    SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                    SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\ShaderCache\data_3

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):8192
                                                                                                                                                                                                    Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                    MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                    SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                    SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                    SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\ShaderCache\index

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):262512
                                                                                                                                                                                                    Entropy (8bit):9.553120663130604E-4
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:LsNlvV:Ls3v
                                                                                                                                                                                                    MD5:81498B908B4F1900990764EEA9EBAD94
                                                                                                                                                                                                    SHA1:45794D650D2014D8C96153B6DF2D05FEA1A8ED28
                                                                                                                                                                                                    SHA-256:EDA60939BA9EBA9F7F88C57428CCEACDAB135DE63B20635D6EDF3EDD7C7F99B1
                                                                                                                                                                                                    SHA-512:E78FE3FB2BD0A07663399D26D77BE7286F938026B8E1792C2426C8BACE1D860CF7410A5040E3B0D3D154C9EFF6F2F708F62F0FF14EF6510D2B7ED77562E49D8F
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:........................................7Q.;.q/.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\SmartScreen\RemoteData\customSettings

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):47
                                                                                                                                                                                                    Entropy (8bit):4.3818353308528755
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                                                                                                                                                    MD5:48324111147DECC23AC222A361873FC5
                                                                                                                                                                                                    SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                                                                                                                                                    SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                                                                                                                                                    SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):35
                                                                                                                                                                                                    Entropy (8bit):4.014438730983427
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                                                                                                                                                    MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                                                                                                                                                    SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                                                                                                                                                    SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                                                                                                                                                    SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"forceServiceDetermination":false}

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\SmartScreen\RemoteData\customSynchronousLookupUris

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):29
                                                                                                                                                                                                    Entropy (8bit):3.922828737239167
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:2NGw+K+:fwZ+
                                                                                                                                                                                                    MD5:7BAAFE811F480ACFCCCEE0D744355C79
                                                                                                                                                                                                    SHA1:24B89AE82313084BB8BBEB9AD98A550F41DF7B27
                                                                                                                                                                                                    SHA-256:D5743766AF0312C7B7728219FC24A03A4FB1C2A54A506F337953FBC2C1B847C7
                                                                                                                                                                                                    SHA-512:70FE1C197AF507CC0D65E99807D245C896A40A4271BA1121F9B621980877B43019E584C48780951FC1AD2A5D7D146FC6EA4678139A5B38F9B6F7A5F1E2E86BA3
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:customSynchronousLookupUris_0

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\SmartScreen\RemoteData\customSynchronousLookupUris_0

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):35302
                                                                                                                                                                                                    Entropy (8bit):7.99333285466604
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                                                                                                                                                                    MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                                                                                                                                                    SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                                                                                                                                                    SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                                                                                                                                                    SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.......murmur3.....IN...9.......0..X..#l....C....]......pv..E..........,..?.N?....V..B-.*.F.1....g|..._.>'.-(V... .=.7P.m....#}.r.....>.LE...G.A.h5........J..=..L^-.Zl++,..h..o.y..~j.]u...W...&s.........M..........h3b..[.5.]..V^w.........a.*...6g3..%.gy../{|Z.B..X.}5.]..t.1.H&B.[.).$Y......2....L.t...{...[WE.yy.]..e.v0..\.J3..T.`1Lnh.../..-=w...W.&N7.nz.P...z......'i..R6....../....t.[..&-.....T&l..e....$.8.."....Iq....J.v..|.6.M...zE...a9uw..'.$6.L..m$......NB).JL.G.7}8(`....J.)b.E.m...c.0I.V...|$....;.k.......*8v..l.:..@.F.........K..2...%(...kA......LJd~._A.N.....$3...5....Z"...X=.....%.........6.k.....F..1..l,ia..i.i....y.M..Cl.....*...}.I..r..-+=b.6....%...#...W..K.....=.F....~.....[.......-...../;....~.09..d.....GR..H.lR...m.Huh9.:..A H./)..D.F..Y.n7.....7D.O.a;>Z.K....w...sq..qo3N...8@.zpD.Ku......+.Z=.zNFgP._@.z.ic.......3.....+..j...an%...X..7.q..A.l.7.S2..+....1.s.b..z...@v..!.y...N.C.XQ.p.\..x8(.<.....cq.(

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\SmartScreen\RemoteData\edgeSettings

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):81
                                                                                                                                                                                                    Entropy (8bit):4.3439888556902035
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
                                                                                                                                                                                                    MD5:177F4D75F4FEE84EF08C507C3476C0D2
                                                                                                                                                                                                    SHA1:08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
                                                                                                                                                                                                    SHA-256:21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
                                                                                                                                                                                                    SHA-512:94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\SmartScreen\RemoteData\edgeSettings_2.0-0

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3581
                                                                                                                                                                                                    Entropy (8bit):4.459693941095613
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:JTMhnytNaSA4BOsNQNhnUZTFGKDIWHCgL5tfHaaJzRHF+P1sYmnfHUdT+GWBH7Y/:KyMot7vjFU
                                                                                                                                                                                                    MD5:BDE38FAE28EC415384B8CFE052306D6C
                                                                                                                                                                                                    SHA1:3019740AF622B58D573C00BF5C98DD77F3FBB5CD
                                                                                                                                                                                                    SHA-256:1F4542614473AE103A5EE3DEEEC61D033A40271CFF891AAA6797534E4DBB4D20
                                                                                                                                                                                                    SHA-512:9C369D69298EBF087412EDA782EE72AFE5448FD0D69EA5141C2744EA5F6C36CDF70A51845CDC174838BAC0ADABDFA70DF6AEDBF6E7867578AE7C4B7805A8B55E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"models":[],"geoidMaps":{"gw_my":"https://malaysia.smartscreen.microsoft.com/","gw_tw":"https://taiwan.smartscreen.microsoft.com/","gw_at":"https://austria.smartscreen.microsoft.com/","gw_es":"https://spain.smartscreen.microsoft.com/","gw_pl":"https://poland.smartscreen.microsoft.com/","gw_se":"https://sweden.smartscreen.microsoft.com/","gw_kr":"https://southkorea.smartscreen.microsoft.com/","gw_br":"https://brazil.smartscreen.microsoft.com/","au":"https://australia.smartscreen.microsoft.com/","dk":"https://denmark.smartscreen.microsoft.com/","gw_sg":"https://singapore.smartscreen.microsoft.com/","gw_fr":"https://france.smartscreen.microsoft.com/","gw_ca":"https://canada.smartscreen.microsoft.com/","test":"https://eu-9.smartscreen.microsoft.com/","gw_il":"https://israel.smartscreen.microsoft.com/","gw_au":"https://australia.smartscreen.microsoft.com/","gw_ffl4mod":"https://unitedstates4.ss.wd.microsoft.us/","gw_ffl4":"https://unitedstates1.ss.wd.microsoft.us/","gw_eu":"https://europe.

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):130439
                                                                                                                                                                                                    Entropy (8bit):3.80180718117079
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
                                                                                                                                                                                                    MD5:EB75CEFFE37E6DF9C171EE8380439EDA
                                                                                                                                                                                                    SHA1:F00119BA869133D64E4F7F0181161BD47968FA23
                                                                                                                                                                                                    SHA-256:48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
                                                                                                                                                                                                    SHA-512:044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\SmartScreen\RemoteData\synchronousLookupUris

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):40
                                                                                                                                                                                                    Entropy (8bit):4.346439344671015
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:kfKbUPVXXMVQX:kygV5
                                                                                                                                                                                                    MD5:6A3A60A3F78299444AACAA89710A64B6
                                                                                                                                                                                                    SHA1:2A052BF5CF54F980475085EEF459D94C3CE5EF55
                                                                                                                                                                                                    SHA-256:61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
                                                                                                                                                                                                    SHA-512:C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:synchronousLookupUris_638343870221005468

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\SmartScreen\RemoteData\synchronousLookupUris_636976985063396749.rel.v2

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):35302
                                                                                                                                                                                                    Entropy (8bit):7.99333285466604
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                                                                                                                                                                    MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                                                                                                                                                    SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                                                                                                                                                    SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                                                                                                                                                    SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:.......murmur3.....IN...9.......0..X..#l....C....]......pv..E..........,..?.N?....V..B-.*.F.1....g|..._.>'.-(V... .=.7P.m....#}.r.....>.LE...G.A.h5........J..=..L^-.Zl++,..h..o.y..~j.]u...W...&s.........M..........h3b..[.5.]..V^w.........a.*...6g3..%.gy../{|Z.B..X.}5.]..t.1.H&B.[.).$Y......2....L.t...{...[WE.yy.]..e.v0..\.J3..T.`1Lnh.../..-=w...W.&N7.nz.P...z......'i..R6....../....t.[..&-.....T&l..e....$.8.."....Iq....J.v..|.6.M...zE...a9uw..'.$6.L..m$......NB).JL.G.7}8(`....J.)b.E.m...c.0I.V...|$....;.k.......*8v..l.:..@.F.........K..2...%(...kA......LJd~._A.N.....$3...5....Z"...X=.....%.........6.k.....F..1..l,ia..i.i....y.M..Cl.....*...}.I..r..-+=b.6....%...#...W..K.....=.F....~.....[.......-...../;....~.09..d.....GR..H.lR...m.Huh9.:..A H./)..D.F..Y.n7.....7D.O.a;>Z.K....w...sq..qo3N...8@.zpD.Ku......+.Z=.zNFgP._@.z.ic.......3.....+..j...an%...X..7.q..A.l.7.S2..+....1.s.b..z...@v..!.y...N.C.XQ.p.\..x8(.<.....cq.(

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):57
                                                                                                                                                                                                    Entropy (8bit):4.556488479039065
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:GSCIPPlzYxi21goD:bCWBYx99D
                                                                                                                                                                                                    MD5:3A05EAEA94307F8C57BAC69C3DF64E59
                                                                                                                                                                                                    SHA1:9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
                                                                                                                                                                                                    SHA-256:A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
                                                                                                                                                                                                    SHA-512:6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\SmartScreen\RemoteData\topTraffic

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):29
                                                                                                                                                                                                    Entropy (8bit):4.030394788231021
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:0xXeZUSXkcVn:0Re5kcV
                                                                                                                                                                                                    MD5:52E2839549E67CE774547C9F07740500
                                                                                                                                                                                                    SHA1:B172E16D7756483DF0CA0A8D4F7640DD5D557201
                                                                                                                                                                                                    SHA-256:F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
                                                                                                                                                                                                    SHA-512:D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:topTraffic_638004170464094982

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):575056
                                                                                                                                                                                                    Entropy (8bit):7.999649474060713
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                                                                                                                                    MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                                                                                                                                    SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                                                                                                                                    SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                                                                                                                                    SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:...._+jE.`..}....S..1....G}s..E....y".Wh.^.W.H...-...#.A...KR...9b........>k......bU.IVo...D......Y..[l.yx.......'c=..I0.....E.d...-...1 ....m../C...OQ.........qW..<:N.....38.u..X-..s....<..U.,Mi..._.......`.Y/.........^..,.E..........j@..G8..N.... ..Ea...4.+.79k.!T.-5W..!..@+..!.P..LDG.....V."....L.... .(#..$..&......C.....%A.T}....K_.S..'Q.".d....s....(j.D!......Ov..)*d0)."(..%..-..G..L.}....i.....m9;.....t.w..0....f?..-..M.c.3.....N7K.T..D>.3.x...z..u$5!..4..T.....U.O^L{.5..=E..'..;.}(|.6.:..f!.>...?M.8......P.D.J.I4.<...*.y.E....>....i%.6..Y.@..n.....M..r..C.f.;..<..0.H...F....h.......HB1]1....u..:...H..k....B.Q..J...@}j~.#...'Y.J~....I...ub.&..L[z..1.W/.Ck....M.......[.......N.F..z*.{nZ~d.V.4.u.K.V.......X.<p..cz..>*....X...W..da3(..g..Z$.L4.j=~.p.l.\.[e.&&.Y ...U)..._.^r0.,.{_......`S..[....(.\..p.bt.g..%.$+....f.....d....Im..f...W ......G..i_8a..ae..7....pS.....z-H..A.s.4.3..O.r.....u.S......a.}..v.-/..... ...a.x#./:...sS&U.().xL...pg

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\SmartScreen\RemoteData\topTraffic_638004170464094982

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:raw G3 (Group 3) FAX, byte-padded
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):460992
                                                                                                                                                                                                    Entropy (8bit):7.999625908035124
                                                                                                                                                                                                    Encrypted:true
                                                                                                                                                                                                    SSDEEP:12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
                                                                                                                                                                                                    MD5:E9C502DB957CDB977E7F5745B34C32E6
                                                                                                                                                                                                    SHA1:DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
                                                                                                                                                                                                    SHA-256:5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
                                                                                                                                                                                                    SHA-512:B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:...2lI.5.<C.;.{....._+jE.`..}....-...#.A...KR...l.M0,s...).9..........x.......F.b......jU....y.h'....L<...*..Z..*%.*..._...g.4yu...........'c=..I0..........qW..<:N....<..U.,Mi..._......'(..U.9.!........u....7...4. ..Ea...4.+.79k.!T.-5W..!..@+..$..t|1.E..7F...+..xf....z&_Q...-.B...)8R.c....0.......B.M.Z...0....&v..<..H...3.....N7K.T..D>.8......P.D.J.I4.B.H.VHy...@.Wc.Cl..6aD..j.....E..*4..mI..X]2.GH.G.L...E.F.=.J...@}j~.#...'Y.L[z..1.W/.Ck....L..X........J.NYd........>...N.F..z*.{nZ~d.N..../..6.\L...Q...+.w..p...>.S.iG...0]..8....S..)`B#.v..^.*.T.?...Z.rz.D'.!.T.w....S..8....V.4.u.K.V.......W.6s...Y.).[.c.X.S..........5.X7F...tQ....z.L.X..(3#j...8...i.[..j$.Q....0...]"W.c.H..n..2Te.ak...c..-F(..W2.b....3.]......c.d|.../....._...f.....d....Im..g.b..R.q.<x*x...i2..r.I()Iat..b.j.r@K.+5..C.....nJ.>*P,.V@.....s.4.3..O.r.....smd7...L.....].u&1../t.*.......uXb...=@.....wv......]....#.{$.w......i.....|.....?....E7...}$+..t).E.U..Q..~.`.)..Y@.6.h.......%(

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\SmartScreen\local\uriCache

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:ASCII text, with no line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):9
                                                                                                                                                                                                    Entropy (8bit):3.169925001442312
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:CMzOn:CM6
                                                                                                                                                                                                    MD5:B6F7A6B03164D4BF8E3531A5CF721D30
                                                                                                                                                                                                    SHA1:A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
                                                                                                                                                                                                    SHA-256:3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
                                                                                                                                                                                                    SHA-512:4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:uriCache_

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\SmartScreen\local\uriCache_

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):179
                                                                                                                                                                                                    Entropy (8bit):4.992610248636751
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:YTyLSmafBoTfcbUbAozRLuLgfGBkGAeekVy8Hfjg9PIAcnVUTLTy:YWLSGTcbOAo9LuLgfGBPAzkVj/EMn7
                                                                                                                                                                                                    MD5:362356862B7B75BF7C3AADBB57386BE6
                                                                                                                                                                                                    SHA1:13116ABF190371CE104DBFC2C8AD7B68FBC5BE56
                                                                                                                                                                                                    SHA-256:31E75E124D67810EEBE0E11A70450FB3FCE22D0BDB48D4D504FA53B2EF083AE3
                                                                                                                                                                                                    SHA-512:16FFF87E57F2F18C12C887595AFACED78D022BF668B1DEEC13059D96E47C94358B71376EF438EADD86D8E39D8564064DEB1DAAF2D13B5E49C68B36A9923BF670
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"version":1,"cache_data":[{"file_hash":"a03546dcfafd8e0c","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":0,"expiration_time":1710195231952176}]}

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Variations

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):86
                                                                                                                                                                                                    Entropy (8bit):4.3751917412896075
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQan:YQ3Kq9X0dMgAEwjM
                                                                                                                                                                                                    MD5:961E3604F228B0D10541EBF921500C86
                                                                                                                                                                                                    SHA1:6E00570D9F78D9CFEBE67D4DA5EFE546543949A7
                                                                                                                                                                                                    SHA-256:F7B24F2EB3D5EB0550527490395D2F61C3D2FE74BB9CB345197DAD81B58B5FED
                                                                                                                                                                                                    SHA-512:535F930AFD2EF50282715C7E48859CC2D7B354FF4E6C156B94D5A2815F589B33189FFEDFCAF4456525283E993087F9F560D84CFCF497D189AB8101510A09C472
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":0}

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\b26c5473-dd8a-47b9-a723-937cff6f9c4b.tmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):3491
                                                                                                                                                                                                    Entropy (8bit):5.255452687895151
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:96:PNkGSCvfq6UU0Hg58rh/cIyURLl8DotomAB7oLZxJCisX4u:PNBSh6UhHZViDUO7Qr+
                                                                                                                                                                                                    MD5:C8BF6254FD82A3DD3F9B6C65481CAD88
                                                                                                                                                                                                    SHA1:81127A92D3DB28864A30D98794B283AAC5417CA6
                                                                                                                                                                                                    SHA-256:09110322F12898A794A6DF8021C002B23AA3CC6D0EC1AAB9643EB71504214758
                                                                                                                                                                                                    SHA-512:727AB1EEEE70DAC72B2054BD2575BFDBF4505BC9DE05888EF01D981AC5D8BBC5A7B6D9E8A65455431DCAE06344CAED03F84E3519CDA41F4337AD1677AC3B0251
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fre":{"oem_bookmarks_set":true},"hardware_acceleration_mode_previous":true,"is_dsp_recommended":true,"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.710088264565288e+12,"network":1.710088264e+12,"ticks":6381188236.0,"uncertainty":2649480.0}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABgeMgLbTHqT4ZdtySMAHWvEAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAADlzDCh0OPky8yw7bsie0rKFKneHA/kx1kyF7EN3ed+cQAAAAAOgAAAAAIAACAAAABZDcy2+MV59fH/50Y/NbTYCxbv1ErctHXne9S5dCGYTTAAAAAo0dMALsmk9bPktOPAt7Qnm8i5+3YRs3o6oaUyfg/N8kkxL5Gr2eqBwQ/ahjcsFgRAAAAABZn0u/6sLNl/Ewtdq2E3cxyRTMl+UiEpnhu85ex

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                                                                                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sun Mar 10 15:30:42 2024, mtime=Sun Mar 10 15:30:42 2024, atime=Sun Mar 10 15:30:42 2024, length=56368, window=hide
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):764
                                                                                                                                                                                                    Entropy (8bit):5.050624845736761
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:12:8YU9QC24NWCQgdY//77QSSLU37XfjAsyrHkfvBmV:8YIMi+PQSsgrAsyYfvBm
                                                                                                                                                                                                    MD5:BB4B04A57720B551A6597B3B9A632397
                                                                                                                                                                                                    SHA1:9A63D0183103100601519155084E821271AB0AE2
                                                                                                                                                                                                    SHA-256:CA358EBB404AE499FDB2C27E7BC341FD2FA29B61F30395B543697331A9CD57A9
                                                                                                                                                                                                    SHA-512:E4023E96A633C225956A417CBD5AD73DA403BA178AA5E1C1E6FE361D44EE5C7737C3CCCAF1D14298BD9AE45A2598F9681865F8B7ECA299EA73E33CDC35B03729
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:L..................F.... ...m.XK.s..m.XK.s..m.XK.s..0.......................v.:..DG..Yr?.D..U..k0.&...&......vk.v....|C.0.s.....K.s......t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^jX.............................%..A.p.p.D.a.t.a...B.V.1.....jX....Roaming.@......CW.^jX................................R.o.a.m.i.n.g.....b.2.0...jX. .XClient.exe.H......jX.jX.....`......................K..X.C.l.i.e.n.t...e.x.e.......Y...............-.......X............a.^.....C:\Users\user\AppData\Roaming\XClient.exe........\.....\.....\.....\.....\.X.C.l.i.e.n.t...e.x.e.`.......X.......965543...........hT..CrF.f4... .q.T..b...,.......hT..CrF.f4... .q.T..b...,......E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................

                                                                                                                                                                                                    C:\Users\user\AppData\Roaming\XClient.exe

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                                                                                                                                                                                                    File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):56368
                                                                                                                                                                                                    Entropy (8bit):6.120994357619221
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:768:fF9E8FLLs2Zokf85d9PTV6Iq8Fnqf7P+WxqWKnz8DH:ffE6EkfOd9PT86dWvKgb
                                                                                                                                                                                                    MD5:FDA8C8F2A4E100AFB14C13DFCBCAB2D2
                                                                                                                                                                                                    SHA1:19DFD86294C4A525BA21C6AF77681B2A9BBECB55
                                                                                                                                                                                                    SHA-256:99A2C778C9A6486639D0AFF1A7D2D494C2B0DC4C7913EBCB7BFEA50A2F1D0B09
                                                                                                                                                                                                    SHA-512:94F0ACE37CAE77BE9935CF4FC8AAA94691343D3B38DE5E16C663B902C220BFF513CD02256C7AF2D815A23DD30439582DDBB0880009C76BBF36FF8FBC1A6DDC18
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A>.]..............0................. ........@.. ....................................`.................................t...O.......................0B..........<................................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......t3..pc.............X...<........................................0..........s.....Y.....(.....Z.....&..(......+....(....o......r...p(....-..r...p(....,.....X....i2..-;(....(..........%.r!..p.(....(....((...(....(....(....( .....-.(7...(.....*.(....-..*.~S...-.~R....S...s!.....~W...o"....~U...o#....~V...o$....o%...~Y...o&...~S...~Q...~T....s'....P...~P...sE...o(............~W....@_,s.....()...r7..p.$(*........o+..........o,....2....... ....37(....(8.........%...o-....

                                                                                                                                                                                                    C:\Users\user\Desktop\Bot Master.lnk

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Sun Mar 10 15:30:51 2024, mtime=Sun Mar 10 15:30:51 2024, atime=Mon Jun 26 09:50:00 2023, length=2941952, window=hide
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):2156
                                                                                                                                                                                                    Entropy (8bit):3.4567703664048017
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:24:80VAEcbdOEefn9KYPIA0e97KdMdwdv7bIUUSvqyFm:80xcbdOTfgYH0JdMdwdfd6yF
                                                                                                                                                                                                    MD5:9670263686CB2B13F51C9C7A2E1D06CD
                                                                                                                                                                                                    SHA1:9801AB9CE6A215531139DD92FE97C61E3BDE86AE
                                                                                                                                                                                                    SHA-256:08FE2AD6C0C6E5C42853158AC57057F276D918DC2CEAB85A1E3BDE011D903D72
                                                                                                                                                                                                    SHA-512:2D8ECC5BD049F18B74511AC24A9A400C998739CEB95D7982EFE7BA266BB0124542A4382E73DD71C43688118A8CEA81FC9320D3605017F0880B49132E59A5B907
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:L..................F.@.. ......P.s..os.P.s....F.......,..........................P.O. .:i.....+00.../C:\.....................1.....jX...PROGRA~2.........O.IjX.....................V.....U...P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....^.1.....jX...BOTMAS~1..F......jX.jX.....v.....................U...B.o.t. .M.a.s.t.e.r.....^.1.....jX...BOTMAS~1..F......jX.jX...........................B'..B.o.t. .M.a.s.t.e.r.....h.2...,..V@V .BOTMAS~1.EXE..L......jX.jX...............................B.o.t.M.a.s.t.e.r...e.x.e.......i...............-.......h............a.^.....C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe..@.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.B.o.t. .M.a.s.t.e.r.\.B.o.t. .M.a.s.t.e.r.\.B.o.t.M.a.s.t.e.r...e.x.e.-.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.B.o.t. .M.a.s.t.e.r.\.B.o.t. .M.a.s.t.e.r.\.:.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.B.o.t. .M.a.s.t.e.r.\.B.o.t. .M.a.s.t.e.r.\.B.o.t.M.a.s.

                                                                                                                                                                                                    C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                    File Type:JSON data
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):55
                                                                                                                                                                                                    Entropy (8bit):4.306461250274409
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                                                    MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                                                    SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                                                    SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                                                    SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

                                                                                                                                                                                                    \Device\ConDrv

                                                                                                                                                                                                    Download File
                                                                                                                                                                                                    Process:C:\Users\user\AppData\Roaming\XClient.exe
                                                                                                                                                                                                    File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                    Category:dropped
                                                                                                                                                                                                    Size (bytes):221
                                                                                                                                                                                                    Entropy (8bit):4.801526423190794
                                                                                                                                                                                                    Encrypted:false
                                                                                                                                                                                                    SSDEEP:6:zx3Me21f1LRJIQtAMw/VgRZBXVN+1GFJqozrCib:zKpj1JIUwqBFN+1Q3b
                                                                                                                                                                                                    MD5:A3DCA41A950A7DF7ECE76A867A17400E
                                                                                                                                                                                                    SHA1:AA9EFDBCF37BEE2C7FD0986F1A4308A73EC3F7BB
                                                                                                                                                                                                    SHA-256:6B2BE177016DF867316A0C432DAB0B71B6E51B35D169B0ACB1ABB47A4C03D7C0
                                                                                                                                                                                                    SHA-512:F80207B5B78C7AE867AAB139196BBBEDE0437961DD03E790AEF3B877A228D7A90B9178B3342324B0EEA1C270E2A232A769B2F2D9E5DB4C065EB95140FA12239D
                                                                                                                                                                                                    Malicious:false
                                                                                                                                                                                                    Preview:Microsoft (R) ASP.NET Compilation Tool version 4.8.4084.0..Utility to precompile an ASP.NET application..Copyright (C) Microsoft Corporation. All rights reserved.....Run 'aspnet_compiler -?' for a list of valid options...

                                                                                                                                                                                                    Static File Info

                                                                                                                                                                                                    General

                                                                                                                                                                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                    Entropy (8bit):7.939995431573425
                                                                                                                                                                                                    TrID:
                                                                                                                                                                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                                                                                                                    • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                                                                                                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                                                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                                                                    • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                                                                                    File name:SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe
                                                                                                                                                                                                    File size:3'511'296 bytes
                                                                                                                                                                                                    MD5:f24a4d5b6036a3de2eba88868bd771f2
                                                                                                                                                                                                    SHA1:3048d822d2b80d66284d1446052da0ba2be27d9e
                                                                                                                                                                                                    SHA256:2c2f38b6679224281d1f9a0bee4ac5db26f845e0d0eb74c0caa2d994411ee7e2
                                                                                                                                                                                                    SHA512:17a245a0c5e70982ea5f479319417864e122d3febbdf16d310d42b7f9acb8d7135fdf9c34082cd42858a4b98e696ec02d17b69deb249e8ed0cdfab26ec909bfc
                                                                                                                                                                                                    SSDEEP:49152:rbAa/I9L1n4OjdXalpe85gqWa4CRFaMQRh/7hK+OWp7W+qYp9foZWHyeHxYMp5FN:ga/K1Fa71qrMFO3DgCjqWQZWSmeMTPH
                                                                                                                                                                                                    TLSH:05F5230FFB8A89E1D2846B31C5EB593093B4E6817397CB4A358E53E518433A6FD5920F
                                                                                                                                                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....N.e..................4...........4.. ....5...@.. ........................5......J6...`................................

                                                                                                                                                                                                    File Icon

                                                                                                                                                                                                    Icon Hash:1a696825b4888b03

                                                                                                                                                                                                    Static PE Info

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Entrypoint:0x74fbde
                                                                                                                                                                                                    Entrypoint Section:.text
                                                                                                                                                                                                    Digitally signed:false
                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                    Subsystem:windows gui
                                                                                                                                                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                                                    DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                    Time Stamp:0x65004EB5 [Tue Sep 12 11:42:45 2023 UTC]
                                                                                                                                                                                                    TLS Callbacks:
                                                                                                                                                                                                    CLR (.Net) Version:
                                                                                                                                                                                                    OS Version Major:4
                                                                                                                                                                                                    OS Version Minor:0
                                                                                                                                                                                                    File Version Major:4
                                                                                                                                                                                                    File Version Minor:0
                                                                                                                                                                                                    Subsystem Version Major:4
                                                                                                                                                                                                    Subsystem Version Minor:0
                                                                                                                                                                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                                                                                                                    Entrypoint Preview

                                                                                                                                                                                                    Instruction
                                                                                                                                                                                                    jmp dword ptr [00402000h]
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al
                                                                                                                                                                                                    add byte ptr [eax], al

                                                                                                                                                                                                    Data Directories

                                                                                                                                                                                                    NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0x34fb900x4b.text
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x3500000xb306.rsrc
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x35c0000xc.reloc
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                                                                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                    Sections

                                                                                                                                                                                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                    .text0x20000x34dbe40x34dc00ecd177a9aacebcc289ba7f2a0311a5bfunknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                    .rsrc0x3500000xb3060xb40080dc0e6606893da9072dbe53e7418202False0.5292100694444445data3.818194034187686IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                    .reloc0x35c0000xc0x20082b588a9fbfc65fe32d5cc876d2f8979False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                    Resources

                                                                                                                                                                                                    NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                    RT_ICON0x3502340x568Device independent bitmap graphic, 16 x 32 x 8, image size 3200.3374277456647399
                                                                                                                                                                                                    RT_ICON0x35079c0x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 11520.7161552346570397
                                                                                                                                                                                                    RT_ICON0x3510440xea8Device independent bitmap graphic, 48 x 96 x 8, image size 26880.6295309168443497
                                                                                                                                                                                                    RT_ICON0x351eec0x1628Device independent bitmap graphic, 64 x 128 x 8, image size 46080.5874471086036671
                                                                                                                                                                                                    RT_ICON0x3535140x2ca8Device independent bitmap graphic, 96 x 192 x 8, image size 103680.5359517144856543
                                                                                                                                                                                                    RT_ICON0x3561bc0x4c28Device independent bitmap graphic, 128 x 256 x 8, image size 184320.5150287238407879
                                                                                                                                                                                                    RT_GROUP_ICON0x35ade40x5adata0.7555555555555555
                                                                                                                                                                                                    RT_VERSION0x35ae400x2dcdata0.43579234972677594
                                                                                                                                                                                                    RT_MANIFEST0x35b11c0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                                                                                                                                                    Imports

                                                                                                                                                                                                    DLLImport
                                                                                                                                                                                                    mscoree.dll_CorExeMain

                                                                                                                                                                                                    Network Behavior

                                                                                                                                                                                                    Snort IDS Alerts

                                                                                                                                                                                                    TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                                                                                                    03/10/24-17:32:22.814457TCP2852923ETPRO TROJAN Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    03/10/24-17:32:24.712981TCP2852874ETPRO TROJAN Win32/XWorm CnC PING Command Inbound M21576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    03/10/24-17:30:45.329887TCP2853192ETPRO TROJAN Win32/XWorm V3 CnC Command - sendPlugin Outbound4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    03/10/24-17:32:24.712981TCP2852870ETPRO TROJAN Win32/XWorm CnC Checkin - Generic Prefix Bytes1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    03/10/24-17:32:06.998086TCP2855924ETPRO TROJAN Win32/XWorm V3 CnC Command - PING Outbound4973415762192.168.2.4209.25.140.212

                                                                                                                                                                                                    Network Port Distribution

                                                                                                                                                                                                    TCP Packets

                                                                                                                                                                                                    TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                    Mar 10, 2024 17:30:43.797106028 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:44.011290073 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:44.011507988 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:44.114499092 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:44.469456911 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:44.635490894 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.021644115 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.277770996 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.277790070 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.277801037 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.277858973 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.322988987 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.329886913 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.526453018 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.530184031 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.731178045 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.731257915 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.965255022 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.965328932 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.965342045 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.965500116 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.965574980 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.965749979 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.965764046 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.965775967 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.965809107 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.965838909 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.965843916 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.965869904 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.965904951 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.965905905 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.966398001 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.967025042 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.967052937 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.967092037 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.967097044 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.967137098 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.967715979 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.967762947 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.968127012 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.968167067 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.968170881 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.968612909 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.968657970 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.968657970 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.968704939 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:45.968744993 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.020760059 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.020976067 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.131690979 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.304363012 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.304653883 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.317281961 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.317847967 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.317955017 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.317995071 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.318505049 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.318542957 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.318578959 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.318661928 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.318661928 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.318685055 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.319046021 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.319102049 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.319190025 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.319271088 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.319307089 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.319340944 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.319350004 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.319411039 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.320122004 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.320194006 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.320259094 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.320364952 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.320401907 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.320456028 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.321444035 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.321484089 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.321556091 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.368496895 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.369349003 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.369452000 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.664890051 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.665585995 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.665647984 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.666129112 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.666227102 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.666294098 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.668338060 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.668500900 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.668581963 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.668715000 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.668925047 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.668973923 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.669133902 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.669193029 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.669239044 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.669508934 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.669600964 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.669641018 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.669650078 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.669744968 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.669794083 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.670001030 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.670249939 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.670300961 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.670305014 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.670629025 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.670674086 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.670736074 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.670751095 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.670795918 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.671112061 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.672800064 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.672883987 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.673590899 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.673649073 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.673696041 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.673893929 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.673949957 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.674005032 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.674542904 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.675136089 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.675189018 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.675194979 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.675260067 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.675307989 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.675337076 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.675717115 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.675767899 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.676074982 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.676408052 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.676455021 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.677018881 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.717659950 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.717713118 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.718034029 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.718775988 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.718816042 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.718849897 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:46.760582924 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.010869026 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.012422085 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.012516975 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.012573957 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.013376951 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.013432026 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.016751051 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.017796993 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.017854929 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.018172026 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.018241882 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.018299103 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.018383980 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.018484116 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.018538952 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.018686056 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.018934965 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.018991947 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.019710064 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.020111084 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.020148993 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.020165920 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.020369053 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.020428896 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.020648003 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.020687103 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.020744085 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.021194935 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.021523952 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.021580935 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.021759987 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.021809101 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.021868944 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.022283077 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.022320986 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.022376060 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.022723913 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.022761106 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.022831917 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.024075985 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.024128914 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.024166107 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.024199963 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.024261951 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.024298906 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.024315119 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.024369955 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.024425983 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.024918079 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.024998903 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.025034904 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.025054932 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.025078058 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.025134087 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.074121952 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.079375029 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.079489946 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.428462982 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.428530931 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.428613901 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.428977013 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.429017067 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.429081917 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.429779053 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.429876089 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.429934025 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.430039883 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.430211067 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.430280924 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.430442095 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.430529118 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.430584908 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.431515932 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.431602001 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.431663990 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.431679010 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.432038069 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.432101965 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.432173967 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.432212114 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.432272911 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.432905912 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.432946920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.433005095 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.433228970 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.433494091 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.433561087 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.433567047 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.433643103 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.433737993 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.433923960 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.434048891 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.434087038 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.434113979 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.434345007 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.434401989 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.435069084 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.435167074 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.435225964 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.435226917 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.435296059 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.435353041 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.435353041 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.435630083 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.435667038 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.435686111 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.436144114 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.436187029 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.436204910 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.436288118 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.436343908 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.436358929 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.436491013 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.436551094 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.436568975 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.437192917 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.437249899 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.437251091 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.479322910 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.773581982 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.779340982 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.779377937 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.779432058 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.779469013 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.779618025 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.780328035 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.780368090 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.780422926 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.780477047 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.780514956 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.780575037 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.780694962 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.780798912 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.780855894 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.782222033 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.782289028 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.782324076 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.782344103 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:47.823118925 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.127765894 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.128736019 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.128777981 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.128835917 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.128994942 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.129034996 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.129053116 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.129074097 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.129126072 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.129707098 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.129755020 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.129805088 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.130513906 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.130950928 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.131009102 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.131052971 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.131124973 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.131175041 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.131190062 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.131910086 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.131968021 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.132168055 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.132977962 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.133016109 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.133025885 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.133265972 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.133322954 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.133697033 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.134149075 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.134186983 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.134203911 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.134356976 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.134409904 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.134468079 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.134737015 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.134774923 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.134789944 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.135354042 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.135396004 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.135409117 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.135435104 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.135488033 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.135504961 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.135776043 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.135828972 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.135850906 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.136869907 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.136908054 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.136923075 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.137001038 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.137037992 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.137067080 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.137125969 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.137162924 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.137176991 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.137548923 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.137600899 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.137607098 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.137645960 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.137693882 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.138489962 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.182373047 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.478533030 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.478590965 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.478830099 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.479012966 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.479120970 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.479163885 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.479202032 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.479216099 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.479243040 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.479255915 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.479285002 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.479327917 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.479350090 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.479670048 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.479715109 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.480464935 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.480504036 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.480588913 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.483778000 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.526205063 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.827181101 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.827596903 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.827665091 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.827800989 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.828049898 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.828089952 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.828114033 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.828165054 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.828227997 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.828428984 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.828646898 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.828702927 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.828911066 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.829216003 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.829253912 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.829276085 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.829375982 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.829432011 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.829471111 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.829597950 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.829651117 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.829730034 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.830168962 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.830225945 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.830267906 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.830373049 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.830430031 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.831104994 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.831193924 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.831247091 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.831429005 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.831486940 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.831536055 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.832119942 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.832159042 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.832209110 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.832284927 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.832323074 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.832376003 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.832392931 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.832849026 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.832906008 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.833198071 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.833235979 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.833307028 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.833323956 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.833450079 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.833499908 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.833667994 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.833864927 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.833921909 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.834394932 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.834471941 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.834527969 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.834825039 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.834876060 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.834983110 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.835278988 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.835367918 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:48.835412979 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.173861980 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.173890114 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.173954964 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.174932957 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.178577900 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.178637981 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.178787947 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.179625988 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.179680109 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.180066109 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.180109978 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.180130959 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.180155993 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.180407047 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.180425882 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.180457115 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.180777073 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.180829048 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.180845976 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.229262114 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.530267954 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.530978918 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.531018019 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.531169891 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.531227112 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.531287909 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.531348944 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.532061100 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.532118082 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.532119036 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.532156944 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.532212973 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.532247066 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.532535076 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.532572031 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.532591105 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.533849955 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.533889055 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.533912897 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.533931017 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.533983946 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.533986092 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.534023046 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.534079075 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.534137964 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.534885883 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.534924984 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.534944057 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.534997940 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.535054922 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.535654068 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.536281109 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.536318064 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.536338091 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.537053108 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.537143946 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.537164927 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.537491083 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.537528038 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.537547112 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.537564039 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.537620068 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.538345098 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.542649984 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.542823076 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.542999029 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.544398069 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.544450045 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.545236111 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.545272112 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.545310020 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.545327902 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.545346022 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.545382977 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.545396090 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.545419931 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.545456886 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.545469999 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.545495033 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.545547009 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.877933979 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.877974987 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.878078938 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.878536940 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.878988981 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.879054070 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.879097939 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.882029057 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.882489920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.882560968 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.882942915 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.883460999 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.883526087 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.883645058 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.883682966 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.883704901 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.883832932 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.883910894 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.883966923 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:49.932374001 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.230945110 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.231070995 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.231338978 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.231610060 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.231650114 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.231692076 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.231795073 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.231807947 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.231833935 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.231874943 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.231894970 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.231925964 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.232387066 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.232497931 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.232549906 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.232642889 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.232686996 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.232743025 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.233011007 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.233330011 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.233464003 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.233505964 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.233531952 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.233584881 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.233792067 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.233901978 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.235668898 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.235733032 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.235735893 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.236035109 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.236073971 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.236088991 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.236130953 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.236421108 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.236512899 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.237158060 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.237210989 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.237355947 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.237442970 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.237494946 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.237504005 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.237549067 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.237823009 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.237895966 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.238193989 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.238250017 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.238538027 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.238657951 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.238707066 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.238717079 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.238756895 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.238807917 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.238882065 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.238933086 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.239202976 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.239581108 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.239620924 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.239674091 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.239698887 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.239748001 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.578427076 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.578582048 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.578676939 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.578682899 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.583074093 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.583129883 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.584184885 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.584373951 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.584410906 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.584422112 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.585042953 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.585091114 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.585098982 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.585129976 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.585176945 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.585532904 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.585592985 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.585647106 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.587752104 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.635535955 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.990308046 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.990335941 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.990386963 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.990400076 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.990994930 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.991038084 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.991055965 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.991117001 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.991159916 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.991259098 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.991342068 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.991384983 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.991540909 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.991786957 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.991827965 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.991847038 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.992074013 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.992114067 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.992132902 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.992213964 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.992254972 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.992835999 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.993128061 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.993180990 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.993302107 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.993385077 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.993431091 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.993443012 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.994487047 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.994585991 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.994587898 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.994621038 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.994661093 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.994733095 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.994812012 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.994853020 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.996102095 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.996784925 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.996838093 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.996840000 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.997577906 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.997622967 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.997682095 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.997761011 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.997801065 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.998328924 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.999144077 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.999164104 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.999185085 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.999283075 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.999324083 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.999349117 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.999402046 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.999418974 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.999444008 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.999797106 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:50.999845028 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.000375986 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.000437021 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.000478983 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.335119009 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.335366011 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.335424900 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.335593939 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.339637041 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.339695930 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.340534925 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.340884924 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.340931892 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.341170073 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.341320992 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.341373920 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.341387033 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.341463089 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.341515064 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.341655016 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.341711998 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.341774940 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.341785908 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.385464907 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.706873894 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.706937075 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.707190037 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.707940102 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.708209038 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.708271980 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.708272934 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.708313942 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.708527088 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.708887100 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.709444046 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.709503889 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.709563017 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.709888935 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.709958076 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.710510969 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.710572958 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.710829020 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.710917950 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.710956097 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.711163998 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.711530924 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.711941004 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.711977959 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.712008953 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.712016106 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.712201118 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.712719917 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.712857008 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.712975025 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.713901997 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.713948011 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.713985920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.714025974 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.714027882 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.714063883 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.714099884 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.714699984 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.714776039 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.714814901 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.714818001 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.714879036 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.714885950 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.715015888 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.715192080 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.715401888 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.715615988 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.715693951 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.715852976 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.716484070 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.716521978 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.716698885 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.716732979 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.716778994 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.716850996 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.717092037 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.717178106 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.717420101 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.717487097 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:51.717622042 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.054001093 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.054678917 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.054867983 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.055166960 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.082307100 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.082832098 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.082999945 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.083086014 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.083174944 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.083908081 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.084364891 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.084407091 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.084708929 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.085531950 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.085572958 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.085609913 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.086244106 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.086303949 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.086343050 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.086344957 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.086555004 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.433475971 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.433969975 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.434010983 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.434075117 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.434124947 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.434350967 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.434391022 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.434438944 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.434530020 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.434575081 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.435224056 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.435297012 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.435340881 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.436213970 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.436283112 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.436310053 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.436367989 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.436517000 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.436691046 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.436989069 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.437093973 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.437102079 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.437911987 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.437989950 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.438117981 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.438158035 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.438586950 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.438627005 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.438736916 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.438775063 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.438815117 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.439315081 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.439762115 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.439801931 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.439821959 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.439876080 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.439905882 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.439944983 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.440032005 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.440692902 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.440776110 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.440934896 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.440947056 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.441070080 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.441107035 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.441709995 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.441750050 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.441765070 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.441791058 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.441956997 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.442163944 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.443470001 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.443511963 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.443602085 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.444524050 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.444561005 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.444744110 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.444962025 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.445050001 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.445152998 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.445197105 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.494935989 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.790234089 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.790533066 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.790607929 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.790776014 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.791058064 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.791136980 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.791512966 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.791554928 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.791591883 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.791626930 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.792262077 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.792320967 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.792668104 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.792850971 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.792922974 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.792922974 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.792960882 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.793239117 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.794054985 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:52.838589907 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.148657084 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.148786068 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.148823977 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.148858070 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.149070024 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.149316072 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.149684906 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.153825045 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.153887033 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.153894901 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.153965950 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.154022932 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.154064894 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.154136896 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.154174089 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.154207945 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.154254913 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.154293060 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.154306889 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.154329062 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.154376030 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.154397964 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.154438019 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.154474974 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.154484987 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.154577017 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.154614925 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.154633045 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.154736996 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.154792070 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.155466080 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.156557083 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.156636000 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.157104969 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.157773972 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.157812119 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.157830000 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.158214092 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.158277988 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.158902884 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.159126997 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.159164906 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.159219027 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.160028934 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.160083055 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.160110950 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.161030054 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.161122084 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.161135912 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.161159992 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.161211014 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.161509037 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.162184954 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.162221909 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.162261009 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.162765980 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.162805080 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.162821054 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.163800001 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.163836956 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.163858891 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.213599920 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.493408918 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.494384050 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.494493961 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.503129959 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.506421089 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.506478071 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.506488085 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.506515980 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.506552935 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.506568909 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.506592035 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.506647110 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.508697033 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.509737015 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.509799004 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.509918928 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.510436058 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.512121916 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.514823914 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:53.659529924 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.009520054 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.010062933 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.010179996 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.010262966 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.010410070 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.011168003 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.011245012 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.011312008 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.011437893 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.011485100 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.011529922 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.011548996 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.011564970 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.011564970 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.011599064 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.012896061 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.012929916 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.012989044 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.013031960 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.013072968 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.013135910 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.013189077 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.013237953 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.014512062 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.014564991 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.014566898 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.014643908 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.014662027 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.014693022 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.014718056 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.014736891 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.015285015 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.015327930 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.015563965 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.015589952 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.015631914 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.015635967 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.015697002 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.015743017 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.015790939 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.016453028 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.016860008 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.016910076 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.016936064 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.016980886 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.017020941 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.017060995 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.017110109 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.017288923 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.017328978 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.017375946 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.017776012 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.017848015 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.017899990 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.017949104 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.018481970 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.018754959 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.018805027 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.018815041 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.018861055 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.356005907 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.356075048 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.356117010 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.356177092 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.356726885 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.356787920 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.356995106 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.357094049 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.357141972 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.357229948 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.357264996 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.357340097 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.357769012 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.357806921 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.357845068 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.357901096 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.358856916 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.358947039 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.358968019 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.358983994 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.359127998 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.704703093 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.705033064 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.705096960 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.705112934 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.705135107 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.705194950 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.705287933 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.705950022 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.705987930 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.706012011 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.706427097 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.706465960 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.706490993 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.706502914 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.706556082 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.706646919 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.707122087 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.707190990 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.707225084 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.707294941 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.707349062 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.708139896 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.708401918 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.708465099 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.708848953 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.708887100 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.708947897 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.709311008 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.709403992 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.709460020 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.709666967 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.709723949 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.709778070 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.710345030 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.710382938 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.710438967 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.710463047 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.710536003 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.710572004 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.710587978 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.710673094 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.710710049 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.710724115 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.711262941 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.711302042 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.711328030 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.711446047 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.711483002 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.711502075 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.711702108 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.711759090 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.711765051 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.712482929 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.712519884 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.712538958 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.712555885 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.712593079 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.712610960 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.712662935 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.712699890 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.712713957 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:54.869941950 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.054584980 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.055747986 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.055845022 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.055970907 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.059284925 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.059353113 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.060103893 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.060146093 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.060198069 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.061528921 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.063271046 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.063308954 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.063338041 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.065844059 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.065932035 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.065947056 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.065972090 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.066013098 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.066028118 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.166837931 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.513183117 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.513336897 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.513449907 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.513587952 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.513628960 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.513679028 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.513717890 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.513762951 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.513998032 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.514044046 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.514265060 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.514323950 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.514621019 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.514759064 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.514816046 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.515029907 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.515074015 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.515110970 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.515130043 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.515350103 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.515399933 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.515407085 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.515439987 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.515491962 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.515583992 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.515620947 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.515671015 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.515898943 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.516499043 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.516537905 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.516558886 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.516787052 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.516841888 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.516851902 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.516890049 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.516942978 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.516962051 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.517272949 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.517338991 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.518127918 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.518290997 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.518345118 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.518537045 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.518584967 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:55.518634081 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.002147913 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.376730919 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.376789093 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.376859903 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.377193928 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.377298117 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.377358913 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.377490997 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.377547979 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.377584934 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.377600908 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.378287077 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.378325939 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.378345013 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.378362894 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.378423929 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.378565073 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.378638983 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.378693104 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.379304886 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.379343987 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.379379034 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.379399061 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.379566908 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.379605055 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.379620075 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.379662037 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.379713058 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.380271912 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.380563974 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.380601883 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.380620003 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.381236076 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.381308079 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.381308079 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.381344080 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.381395102 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.726463079 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.726670980 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.726747990 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.727227926 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.727303982 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.727351904 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.727354050 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.727427959 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.727471113 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.727669001 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.727720022 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.727859974 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.727902889 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.728053093 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.728142023 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.728177071 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.728185892 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.728223085 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.728281975 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.728338957 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.728382111 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.728535891 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.728579998 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.728621960 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.728646040 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.728681087 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.728909016 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.728952885 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.728967905 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.729441881 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.729490042 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.730607033 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.730658054 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.730698109 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.731024027 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.731117010 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.731295109 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.731339931 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.731380939 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.732225895 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.732291937 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.732325077 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.732342005 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.732532024 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.732686996 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.732753992 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.732829094 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.732868910 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.733498096 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.733828068 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.733872890 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.733889103 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.733964920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.734009027 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.734052896 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.734436035 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.734478951 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.734659910 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.735054970 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.735188007 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.735280037 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:56.963599920 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.072511911 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.073494911 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.073556900 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.077172995 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.077759027 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.077810049 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.078167915 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.078283072 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.078433990 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.078752041 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.078824043 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.078860998 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.078918934 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.079108953 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.079159975 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.079232931 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.079375029 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.079441071 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.080971956 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.080991983 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.081048012 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.424915075 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.424981117 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.425021887 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.425103903 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.425863981 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.425909996 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.425925016 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.425947905 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.426019907 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.426062107 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.426069021 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.426574945 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.426656008 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.426697016 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.426739931 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.430625916 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.430846930 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.430887938 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.430903912 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.431548119 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.431602955 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.431643963 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.431643963 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.431766033 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.431780100 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.431819916 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.431871891 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.431916952 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.432409048 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.432459116 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.432466030 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.432552099 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.432589054 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.432602882 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.432878017 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.432926893 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.433490038 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.433563948 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.433752060 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.433852911 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.433911085 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.433990002 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.434045076 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.434919119 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.434971094 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.435024023 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.435266018 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.435314894 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.435614109 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.435674906 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.435724974 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.436281919 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.436727047 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.436779976 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.437863111 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.437906027 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.437975883 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.438839912 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.439280033 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.439317942 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.439337015 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.557357073 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.771235943 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.773381948 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.773425102 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.773479939 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.773802042 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.773907900 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.774738073 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.774777889 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.775024891 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.775064945 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.775103092 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.775139093 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.775160074 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.775477886 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.775542021 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.775679111 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.775717974 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.775799990 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.777524948 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:57.869853020 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.124073982 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.124428034 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.124502897 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.124520063 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.124560118 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.124619961 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.124682903 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.124722004 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.124814987 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.125307083 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.125552893 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.125607967 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.125938892 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.126015902 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.126084089 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.126121044 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.126140118 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.126285076 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.126338005 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.126727104 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.126831055 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.126914978 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.127017975 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.127054930 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.127075911 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.127196074 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.127254009 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.127262115 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.127711058 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.127763033 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.128082991 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.128201008 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.128269911 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.128274918 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.128315926 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.128353119 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.128408909 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.128762007 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.128842115 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.129085064 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.129156113 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.129192114 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.129213095 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.129296064 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.129349947 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.129713058 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.129786968 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.129862070 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.130242109 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.130412102 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.130450010 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.130501986 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.130810022 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.130883932 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.130896091 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.131468058 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.131515980 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.131522894 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.131953955 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.131990910 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.132013083 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.369854927 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.471920013 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.471971989 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.472024918 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.472125053 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.472677946 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.472727060 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.472728968 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.472826958 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.472865105 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.472877026 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.472934008 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.472975016 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.472996950 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.473242998 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.473403931 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.473443985 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.473462105 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.473591089 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.473721981 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.557352066 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.764051914 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.817970037 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.818082094 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.818104982 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.818169117 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.818197966 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.818223000 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.818269968 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.818428993 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.818481922 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.818485975 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.818527937 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.818931103 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.819016933 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.819065094 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.819207907 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.819225073 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.819302082 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.819334030 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.819346905 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.819389105 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.819552898 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.819983006 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.820069075 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.820086956 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.820230007 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.820274115 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.820455074 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.820636988 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.820708990 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.821201086 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.821275949 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.821333885 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.821345091 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.821660995 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.821707010 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.821784973 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.821940899 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.821985960 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.822663069 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.822747946 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.822783947 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.822824001 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.823832035 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.823896885 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.823923111 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.823960066 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.824018002 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.824088097 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.824095964 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.824134111 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.824517965 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.824593067 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.824631929 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.825485945 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.825500965 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.825536966 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.825562000 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.825722933 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.825764894 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.825802088 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.825864077 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.826149940 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.826195002 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.826504946 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.826802969 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.827435017 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:58.827478886 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.145493984 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.163671970 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.163780928 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.163867950 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.164175034 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.164443970 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.165605068 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.167929888 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.168343067 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.168564081 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.168612957 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.168629885 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.168675900 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.169198036 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.169275999 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.169467926 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.169581890 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.169640064 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.170444012 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.170536041 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.516716003 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.516746044 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.516822100 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.518095970 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.518258095 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.519218922 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.519273043 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.519543886 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.519591093 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.519768953 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.519783974 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.519850969 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.519881964 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.520937920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.521962881 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.522041082 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.522059917 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.522073984 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.522237062 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.522886038 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.522933960 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.523691893 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.523706913 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.523756981 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.523761034 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.523775101 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.523823023 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.523848057 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.524374008 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.524490118 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.524537086 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.524547100 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.525001049 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.525048971 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.525051117 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.525093079 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.525105000 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.525155067 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.525199890 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.525749922 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.525830984 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.525883913 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.525959015 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.526026011 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.526071072 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.526115894 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.526295900 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.526707888 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.526755095 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.527427912 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.527470112 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.527502060 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.527551889 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.527597904 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.527630091 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.527704954 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.527754068 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.530941010 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.530955076 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.530975103 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.531006098 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.666811943 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.865317106 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.865605116 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.865675926 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.865757942 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.866411924 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.866473913 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.866513014 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.866549015 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.866626024 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.866626024 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.866828918 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.866879940 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.870661020 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.870830059 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.870883942 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.871747971 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.871915102 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.871984005 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.871984959 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:30:59.963612080 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.223191023 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.223999977 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.224088907 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.224093914 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.224111080 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.224148989 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.224334955 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.224381924 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.224422932 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.225395918 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.225627899 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.225667953 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.225673914 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.226121902 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.226161957 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.226183891 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.226418018 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.226466894 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.227451086 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.228305101 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.228328943 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.228346109 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.228364944 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.228405952 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.228416920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.228435993 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.228475094 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.229928970 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.229967117 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.230007887 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.230144024 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.230190992 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.230235100 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.231004000 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.231070042 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.231125116 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.231695890 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.231772900 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.231806993 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.231812000 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.232981920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.233025074 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.233040094 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.233069897 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.233110905 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.233727932 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.233753920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.233799934 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.233814001 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.234929085 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.234946012 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.234972000 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.235830069 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.235881090 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.236547947 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.236574888 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.236613035 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.236713886 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.237232924 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.237278938 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.237319946 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.369852066 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.572547913 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.572604895 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.572655916 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.572665930 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.572863102 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.572911024 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.573478937 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.573585033 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.573635101 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.574259043 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.574351072 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.574407101 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.574439049 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.574608088 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.574644089 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.574656010 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.574783087 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.574872017 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.577183008 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.666749001 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.923319101 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.923345089 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.923433065 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.923662901 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.924638033 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.924717903 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.924719095 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.924757004 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.924819946 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.924850941 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.924895048 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.924957991 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.925108910 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.925657034 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.925714016 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.925901890 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.925940037 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.925992966 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.926531076 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.926909924 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.926949978 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.926970005 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.927344084 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.927406073 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.928059101 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.928168058 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.928205967 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.928257942 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.928303003 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.928359032 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.928570032 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.928607941 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.928661108 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.928885937 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.928934097 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.928986073 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.929225922 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.929263115 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.929316044 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.929644108 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.929728985 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.929785013 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.930150986 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.930212975 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.930278063 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.930289030 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.930680037 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.930787086 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.931246042 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.931284904 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.931356907 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.931380987 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.931432009 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.931494951 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.931598902 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.932274103 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.932317019 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.932353973 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.932353973 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:00.932409048 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.271512985 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.271559000 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.271590948 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.271611929 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.271868944 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.271913052 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.272800922 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.272916079 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.272954941 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.273178101 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.273288012 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.273329973 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.273432016 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.273638964 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.273683071 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.274626970 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.275230885 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.275284052 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.275285959 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.446789980 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.619446039 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.619853020 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.619921923 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.619959116 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.620326042 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.620392084 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.620426893 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.620454073 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.620486021 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.620518923 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.620965004 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.621020079 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.621032000 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.621248960 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.621285915 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.621295929 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.621335983 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.621395111 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.621443033 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.622041941 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.622107983 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.622159004 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.622199059 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.622246981 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.622387886 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.622440100 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.622488976 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.622492075 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.623169899 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.623224974 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.623225927 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.623258114 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.623306990 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.623588085 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.623698950 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.623733997 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.623800993 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.624349117 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.624399900 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.624573946 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.624680996 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.624819040 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.624870062 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.624891996 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.624954939 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.625004053 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.625017881 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.625081062 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.625235081 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.625272989 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.625325918 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.625659943 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.625746012 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.625794888 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.626034975 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.626916885 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.627073050 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.627139091 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.627146006 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.627667904 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.963920116 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.964309931 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.964839935 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.964919090 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.964924097 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.965416908 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.965456963 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.965476990 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.965522051 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.968880892 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.969271898 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.969953060 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.970041990 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.970515013 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.970571041 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.970582962 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.971292019 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.971359968 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:01.971720934 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.057356119 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.318833113 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.318888903 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.318929911 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.318957090 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.319178104 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.319227934 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.319762945 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.319843054 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.319880009 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.319896936 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.319932938 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.319976091 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.320005894 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.320741892 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.320796967 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.321024895 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.321105957 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.321154118 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.321177959 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.321538925 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.321588039 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.321634054 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.321687937 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.321728945 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.322396994 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.322459936 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.322586060 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.322623014 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.322637081 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.322685003 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.323357105 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.323451996 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.323539972 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.323559046 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.323596001 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.323832035 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.323846102 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.324337959 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.324398041 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.324882984 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.325016975 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.325074911 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.325155973 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.325193882 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.325248957 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.325303078 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.325741053 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.325793028 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.325997114 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.326236010 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.326726913 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.326896906 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.326958895 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.326994896 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.327042103 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.327698946 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.327754021 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.328244925 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.328305960 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.328363895 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.575448036 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.665303946 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.665349007 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.665436983 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.666254044 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.666467905 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.666518927 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.666620970 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.669079065 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.669153929 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.669287920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.669441938 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.669488907 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.669495106 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.669734001 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.669778109 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.670236111 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.670295000 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.670322895 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.670380116 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.760288954 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.764228106 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.797898054 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.985215902 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.985253096 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.985270023 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.985306025 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.985323906 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.985411882 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.021217108 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.021282911 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.021321058 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.021393061 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.021800995 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.021841049 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.021874905 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.021970987 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.022011995 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.022025108 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.022382975 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.022422075 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.022442102 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.023034096 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.023087978 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.023293972 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.023335934 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.023392916 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.023854971 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.023894072 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.023966074 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.023969889 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.024043083 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.024079084 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.024090052 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.024118900 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.024173021 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.024863958 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.025029898 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.025104046 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.025289059 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.025327921 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.025369883 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.025415897 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.025494099 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.025660038 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.025928974 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.026254892 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.026340008 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.026376009 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.026392937 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.026417017 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.026433945 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.026504040 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.026710987 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.027600050 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.027725935 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.027858019 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.027894974 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.027918100 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.027960062 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.028292894 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.028330088 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.028395891 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.028413057 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.028960943 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.029046059 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.029112101 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.029654026 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.029719114 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.029730082 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.166745901 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.170409918 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.170433998 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.170453072 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.170469999 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.170485973 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.170500040 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.170502901 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.170519114 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.170526028 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.170536995 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.170543909 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.170579910 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.355868101 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.355892897 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.355954885 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.355973005 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.355979919 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.355990887 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.356008053 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.356015921 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.356049061 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.356057882 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.356108904 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.356126070 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.356158018 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.356415987 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.356477022 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.356523037 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.356589079 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.356626034 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.356662989 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.356674910 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.356723070 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.356743097 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.356764078 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.356977940 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.373130083 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.373172045 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.373652935 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.373929977 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.373997927 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.374059916 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.374310970 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.374373913 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.374443054 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.374495983 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.374551058 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.374691010 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.374820948 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.375349998 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.375423908 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.375430107 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.375499010 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.375552893 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.375613928 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.541114092 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.541198969 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.541290045 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.541289091 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.541327953 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.541367054 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.541404009 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.541428089 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.541440964 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.541460991 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.541481018 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.541517973 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.541553974 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.541574955 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.541590929 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.541621923 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.541646004 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.541733027 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.541800976 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.541795015 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.541862011 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.541897058 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.541934967 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.541975975 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.542010069 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.542012930 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.542049885 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.542085886 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.542110920 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.542135000 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.542149067 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.542256117 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.542308092 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.542342901 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.542361975 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.542380095 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.542422056 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.542428017 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.542458057 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.542493105 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.542527914 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.542529106 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.542558908 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.542568922 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.542606115 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.542642117 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.542651892 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.542702913 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.720385075 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.721914053 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.721987963 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.721995115 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.722244024 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.722299099 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.722302914 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.722376108 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.722434998 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.722484112 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.722515106 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.722560883 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.722598076 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.722685099 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.722733974 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.722740889 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.722801924 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.722826004 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.722855091 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.723936081 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.723965883 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.723989964 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.724052906 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.724081993 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.724124908 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.724128962 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.724286079 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.724510908 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.724560976 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.724762917 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.725330114 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.725394964 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.725563049 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.726046085 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.726084948 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.726135969 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.726152897 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.726221085 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.726267099 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.726269007 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.726821899 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.726881981 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.726947069 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.727008104 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.727065086 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.727078915 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.727092981 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.727138996 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.727318048 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.728030920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.728049040 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.728080988 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.728105068 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.728241920 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.728272915 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.728338957 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.728403091 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.729306936 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.729861975 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.729878902 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.729929924 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.730082989 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.730146885 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.730194092 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.730196953 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.730272055 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.730288982 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.730321884 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.730374098 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.730396032 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.730438948 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.730458975 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.730516911 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.730525017 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.730541945 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.730588913 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.730592012 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.730652094 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.730690002 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.730709076 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.730726004 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.730762959 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.730794907 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.730820894 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.730850935 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.730901003 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.730943918 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.731013060 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.731014013 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.731029034 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.731123924 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.731141090 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.731169939 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.731187105 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.731206894 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.731247902 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.731265068 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.731285095 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.731333971 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.731372118 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.731409073 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.731424093 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.731462002 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.731492996 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.731548071 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.731574059 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.731599092 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.731631994 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.731657982 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.731687069 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.731756926 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.731801033 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.731828928 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.731925964 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.731962919 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.731978893 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.732032061 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.732069969 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.732084036 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.732135057 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.732158899 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.732193947 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.732232094 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.732276917 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.732280016 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.732337952 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.732361078 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.732383966 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.732426882 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.732460976 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.732485056 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.732531071 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.732566118 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.732595921 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.732625961 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.732664108 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.732692003 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.732707977 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.732769012 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.732809067 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.732817888 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.732857943 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.732912064 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.732928038 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.732976913 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.733009100 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.733118057 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.733163118 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.733215094 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.733246088 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.733294964 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.733305931 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.733421087 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.733467102 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.733475924 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.733537912 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.733679056 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.858108044 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.916419029 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.916457891 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.916531086 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.916567087 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.916642904 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.916726112 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.916779041 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.916784048 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.916838884 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.916879892 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.916960955 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.917030096 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.917041063 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.917083025 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.917140007 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.917148113 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.917221069 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.917251110 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.917277098 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.917366028 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.917423010 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.917431116 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.917479992 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.917627096 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.917679071 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.917740107 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.917788029 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.917870045 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.917922020 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.918010950 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.918059111 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.918227911 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.918277025 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.918319941 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.918421984 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.918530941 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.918581963 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.918639898 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.918687105 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.918699026 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.918741941 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.918777943 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.918827057 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.918864012 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.918880939 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.918912888 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.918925047 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.918973923 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.918998957 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.919037104 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.919073105 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.919120073 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.919145107 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.919166088 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.919192076 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.919210911 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.919296026 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.919312000 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.919344902 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.919370890 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.919375896 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.919446945 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.919464111 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.919496059 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.919539928 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.919579983 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.919604063 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.919614077 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.919653893 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.919668913 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.919691086 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.919744015 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.919801950 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.919811010 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.919852972 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.919857025 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.919910908 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.919985056 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.920072079 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.920166016 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.920222998 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.920223951 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.920290947 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.920341969 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.920371056 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.920414925 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.920480967 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.920528889 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.920579910 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.920634985 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.920646906 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.920752048 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.920806885 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.920834064 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.920937061 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.920993090 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.921010971 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.921081066 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.921127081 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.921176910 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.921202898 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.921224117 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.921266079 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.921277046 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.921314955 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.921327114 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.921389103 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.921473980 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.921509027 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.921572924 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.921634912 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.921678066 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.921742916 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.921792030 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.921823978 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.921917915 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.921994925 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.922014952 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.922084093 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.922139883 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.922142982 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.922198057 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.922267914 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.922318935 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.922327042 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.922375917 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.922391891 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.922415972 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.922460079 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.922466993 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.922494888 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.922569990 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.922594070 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.922619104 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.922657967 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.922681093 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.922688007 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.922739983 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.922754049 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.922805071 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.922833920 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.922851086 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.922878981 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.922928095 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.922976017 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.923012018 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.923064947 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.923080921 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.923151016 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.923202991 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.923230886 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.923249006 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.923280001 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.923290014 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.923386097 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.923475027 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.923491001 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.923522949 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.923551083 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.923597097 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.923672915 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.923722982 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.923789978 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.923897028 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.923959970 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.923970938 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.924024105 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.924092054 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.924125910 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.924144030 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.924175024 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.924180031 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.924247980 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.924299002 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.924302101 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.924365044 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.924395084 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.924460888 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.924504995 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.924509048 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.924510002 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.924585104 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.924617052 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.924658060 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.924691916 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.924715996 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.924737930 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.924772978 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.924849033 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.924897909 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.930419922 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.068208933 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.068270922 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.068351984 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.073254108 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.073749065 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.073812962 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.073817015 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.074235916 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.074290037 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.074439049 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.074521065 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.074594975 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.074729919 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.074862003 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.074901104 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.074904919 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.075185061 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.075242043 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.075300932 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.101541996 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.101583958 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.101623058 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.101692915 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.101737022 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.101737022 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.101768970 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.101807117 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.101819038 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.101861954 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.101898909 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.101916075 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.101957083 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.101993084 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.102045059 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.102049112 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.102122068 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.102130890 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.102202892 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.102240086 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.102298975 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.102308035 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.102346897 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.102363110 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.102488995 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.102526903 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.102582932 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.102611065 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.102636099 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.102705956 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.102745056 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.102817059 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.102870941 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.102873087 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.102926970 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.102927923 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.102965117 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.102999926 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.103063107 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.103064060 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.103111982 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.103135109 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.103207111 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.103254080 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.103312969 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.103326082 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.103363037 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.103378057 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.103430033 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.103499889 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.103548050 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.103558064 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.103625059 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.103631020 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.103696108 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.103743076 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.103806019 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.103806973 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.103856087 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.103872061 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.103928089 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.103981018 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.104034901 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.104047060 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.104084015 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.104100943 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.104154110 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.104198933 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.104283094 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.104307890 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.104335070 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.104352951 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.104402065 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.104446888 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.104506969 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.104567051 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.104619980 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.104629040 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.104684114 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.104731083 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.104792118 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.104804993 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.104859114 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.104859114 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.104916096 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.104991913 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.105036974 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.105045080 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.105094910 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.105096102 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.105132103 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.105168104 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.105223894 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.105228901 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.105293989 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.105300903 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.105365992 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.105401039 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.105437040 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.105456114 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.105473042 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.105487108 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.105531931 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.105586052 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.105637074 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.105638981 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.105689049 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.105691910 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.105747938 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.105801105 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.105858088 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.105870008 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.105885983 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.105916977 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.105920076 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.105932951 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.105981112 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.105998039 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.106044054 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.106045961 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.106136084 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.106223106 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.106240034 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.106281996 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.106302977 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.106307030 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.106497049 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.106513977 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.106547117 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.106576920 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.106622934 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.106658936 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.106676102 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.106739044 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.106787920 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.106794119 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.106837034 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.106853962 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.106870890 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.106930971 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.106967926 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.106976032 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.106997013 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.107027054 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.107094049 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.107117891 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.107161045 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.107171059 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.107211113 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.107242107 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.107265949 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.107316971 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.107342958 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.107347965 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.107388973 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.107398033 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.107475042 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.107523918 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.107527018 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.107544899 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.107609987 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.107630968 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.107635975 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.107697964 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.107744932 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.107757092 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.107803106 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.107831001 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.107883930 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.107929945 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.107973099 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.107984066 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.108031988 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.108042955 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.108062983 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.108144999 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.108145952 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.108206034 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.108380079 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.424211979 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.424277067 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.424350977 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.424417019 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.424618959 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.424685955 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.424765110 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.424901009 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.424952984 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.425024033 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.425129890 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.425180912 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.425214052 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.425247908 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.425295115 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.425957918 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.425976038 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.426084042 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.426132917 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.427181005 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.427232981 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.427248955 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.427318096 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.427382946 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.427424908 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.427689075 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.427735090 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.428626060 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.429522991 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.429672956 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.429707050 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.429897070 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.429944992 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.430001020 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.430614948 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.430660963 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.430664062 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.431143999 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.431217909 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.431261063 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.431287050 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.431396008 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.431940079 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.432002068 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.432121038 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.432141066 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.432799101 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.432843924 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.432862043 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.433368921 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.433413982 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.433526039 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.433784962 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.433831930 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.433883905 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.434855938 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.434957981 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.434982061 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.435024977 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.435082912 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.435347080 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.435817957 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.436077118 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.776360989 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.776386023 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.776465893 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.781497002 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.781514883 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.781531096 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.781578064 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.781656027 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.781923056 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.782330036 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.782490969 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.782512903 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.782530069 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.782562017 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.782620907 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.782990932 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.783016920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.783163071 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:04.783236980 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.130594969 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.131685019 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.131745100 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.131798983 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.131850958 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.131952047 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.131962061 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.132018089 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.132076025 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.132142067 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.132169008 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.132195950 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.132601023 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.132652998 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.132708073 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.132767916 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.132817984 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.133052111 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.133152008 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.133219004 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.133413076 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.133479118 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.133662939 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.134656906 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.135164022 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.135209084 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.135257006 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.140189886 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.140252113 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.140271902 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.140306950 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.140367031 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.140424967 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.140464067 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.140470982 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.140530109 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.140571117 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.140623093 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.140641928 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.140662909 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.140664101 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.140753031 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.140773058 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.140813112 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.140856981 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.140870094 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.140887022 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.140949965 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.140995026 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.141055107 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.141067982 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.141084909 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.141125917 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.141170979 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.141243935 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.141256094 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.141294003 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.478796005 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.478816032 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.478827953 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.478883982 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.479702950 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.479717016 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.479780912 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.479885101 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.479899883 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.479983091 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.482763052 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.482867956 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.482919931 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.482938051 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.482990026 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.483439922 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.483596087 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.483674049 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.483771086 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.566941977 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.832392931 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.832710028 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.832765102 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.832806110 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.832916975 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.833002090 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.833048105 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.833131075 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.833436012 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.833481073 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.833488941 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.833523989 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.833556890 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.834055901 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.834132910 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.834180117 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.834595919 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.834646940 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.834692955 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.834736109 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.834835052 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.834880114 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.835087061 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.835128069 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.835649014 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.835704088 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.835747004 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.835752964 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.835783005 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.835838079 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.835881948 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.836864948 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.836896896 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.836946011 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.837024927 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.837065935 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.837219000 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.837326050 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.837366104 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.837368965 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.837959051 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.838005066 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.838016033 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.838109016 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.838126898 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.838170052 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.838211060 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.838258028 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.838299990 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.838902950 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.838948011 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.839232922 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.839283943 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.839329004 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.839421034 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.839469910 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.839512110 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.839515924 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.839956999 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.840117931 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:05.840167046 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.178250074 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.178282976 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.178391933 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.178435087 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.178935051 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.179402113 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.179449081 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.179461002 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.179502010 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.179554939 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.182121992 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.182723045 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.182784081 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.182790995 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.183362007 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.183413982 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.183706045 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.183756113 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.183765888 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.266217947 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.272957087 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.613877058 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.614811897 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.614833117 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.614911079 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.615536928 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.615587950 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.615638971 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.615653038 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.615678072 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.615706921 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.615770102 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.615808964 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.615833044 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.616446018 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.616504908 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.616547108 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.616759062 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.616826057 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.616861105 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.616867065 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.616899967 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.617816925 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.618444920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.618498087 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.618525982 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.618539095 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.618577957 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.619832993 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.620606899 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.620672941 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.620722055 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.621833086 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.621864080 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.621902943 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.621948004 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.622026920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.622064114 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.622306108 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.622323990 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.622343063 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.622368097 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.623048067 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.623131037 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.623167038 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.623172998 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.623222113 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.623260021 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.623450041 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.623462915 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.623486042 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.623511076 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.623766899 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.623809099 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.623832941 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.623877048 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.623918056 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.624480009 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.624540091 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.624582052 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.624927998 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.625010014 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.625066042 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.625122070 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.653696060 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.961065054 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.961824894 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.961906910 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.961937904 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.962470055 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.962537050 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.962572098 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.962634087 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.962940931 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.962990999 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.967957973 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.968003035 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.968070030 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.968322992 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.968826056 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.968883038 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.968897104 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.968916893 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:06.969011068 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.313278913 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.313769102 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.313843966 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.314292908 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.314369917 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.314388037 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.314444065 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.314734936 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.314790964 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.314805984 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.314851999 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.314995050 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.315181971 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.315289021 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.315387964 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.315445900 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.315501928 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.315701008 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.315965891 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.316034079 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.316188097 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.316252947 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.316381931 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.316431046 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.316564083 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.316580057 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.316627979 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.317434072 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.317481041 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.317497015 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.317523956 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.317682981 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.317730904 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.317786932 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.317847013 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.317967892 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.318552017 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.318598986 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.318608046 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.318701029 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.318762064 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.319396019 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.320916891 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.321108103 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.321815968 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.321907997 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.321990013 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.322038889 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.322062969 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.322346926 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.322474003 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.322912931 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.322967052 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.322988987 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.323043108 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.323086977 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.323103905 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.323208094 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.323327065 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.324135065 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.367822886 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.664860964 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.664882898 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.665009022 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.666779041 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.667280912 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.667344093 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.667728901 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.667834997 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.667891026 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.668126106 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.668226004 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.668283939 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.668615103 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.668658018 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.668706894 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.669411898 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.670178890 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.670216084 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.670264006 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:07.754118919 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.030250072 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.030282021 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.030320883 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.030389071 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.030740976 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.030975103 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.031016111 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.031037092 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.031070948 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.031299114 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.031830072 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.031879902 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.031933069 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.032049894 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.032107115 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.032159090 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.032255888 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.032331944 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.032383919 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.032699108 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.032784939 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.032808065 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.032866001 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.032921076 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.032928944 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.032958031 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.033071995 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.033241987 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.033281088 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.033339024 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.033540964 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.033631086 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.033682108 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.033711910 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.033746958 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.033797979 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.033855915 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.034039974 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.034128904 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.034183025 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.034185886 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.034240007 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.034277916 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.034291983 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.034321070 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.035089016 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.035197020 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.035248995 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.035937071 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.035954952 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.036010027 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.036016941 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.036070108 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.036119938 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.036151886 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.037240982 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.037307024 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.037616968 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.037674904 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.037728071 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.377325058 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.377852917 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.377959013 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.378308058 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.378361940 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.378416061 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.382580996 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.382926941 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.383135080 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.383200884 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.384157896 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.384190083 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.384253979 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.384309053 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.384378910 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.384778023 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.384802103 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.384886980 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.387492895 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.465033054 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.729764938 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.730323076 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.730428934 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.730451107 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.735709906 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.735780954 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.735836983 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.735842943 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.735937119 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.736413002 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.736514091 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.736529112 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.736577034 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.736655951 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.736730099 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.736763000 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.736819983 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.736871004 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.737273932 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.737493038 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.737577915 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.737593889 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.737668037 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.737726927 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.738246918 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.738289118 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.738342047 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.738569975 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.738581896 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.738617897 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.738626003 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.738859892 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.738914967 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.739176035 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.739239931 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.739301920 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.740089893 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.740129948 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.740181923 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.740210056 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.740272045 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.740324020 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.740552902 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.740849972 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.740917921 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.741617918 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.741662025 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.741714001 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.741749048 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.741780043 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.741839886 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.742360115 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.742407084 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.742502928 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.742562056 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.742688894 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.742737055 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.743298054 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.743989944 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:08.744044065 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.078692913 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.079329967 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.079382896 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.079391003 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.084449053 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.084928036 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.085289955 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.085355043 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.085601091 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.085997105 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.086009979 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.086066008 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.086077929 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.086280107 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.086309910 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.086342096 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.086404085 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.086436987 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.265902042 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.433263063 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.433336020 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.433388948 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.433917046 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.434526920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.434580088 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.434590101 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.434905052 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.434973001 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.434981108 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.435333967 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.435406923 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.435458899 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.435910940 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.435964108 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.436441898 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.436511993 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.436628103 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.436652899 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.437486887 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.437549114 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.437688112 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.437709093 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.437829971 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.438086987 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.438172102 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.438184977 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.438219070 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.439253092 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.439302921 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.439652920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.440128088 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.440269947 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.440319061 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.440337896 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.440390110 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.440416098 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.441632032 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.441703081 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.441764116 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.442157984 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.442285061 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.442346096 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.442395926 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.442446947 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.442447901 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.443696022 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.443763971 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.443823099 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.443859100 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.443876028 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.443905115 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.444211006 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.444515944 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.444950104 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.445000887 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.445269108 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.445765018 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.445931911 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.779545069 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.779891968 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.779953957 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.780333042 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.784673929 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.784728050 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.784732103 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.784775019 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.784827948 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.785425901 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.785460949 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.785536051 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.785590887 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.785638094 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.785689116 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.786572933 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.786634922 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.786711931 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.786750078 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:09.968997955 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.130431890 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.131021023 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.131088018 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.131179094 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.131422997 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.131560087 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.131608009 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.131619930 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.131689072 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.131716013 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.131836891 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.131953955 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.132169008 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.132245064 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.132298946 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.132467985 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.132550955 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.132683039 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.132832050 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.133565903 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.133610010 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.133754015 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.134152889 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.134207964 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.134258986 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.134958982 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.135021925 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.135380983 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.136012077 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.136069059 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.136125088 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.136249065 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.136307955 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.136357069 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.136378050 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.136410952 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.136457920 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.136873960 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.136930943 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.136977911 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.137564898 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.137633085 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.137759924 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.138108015 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.138156891 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.138197899 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.139012098 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.139079094 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.139729977 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.140188932 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.140235901 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.140388012 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.140515089 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.140568018 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.140589952 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.140683889 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.140741110 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.141467094 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.141511917 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.141571999 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.478548050 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.479599953 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.479681015 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.479844093 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.479895115 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.480015039 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.480537891 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.480618000 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.480688095 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.480736017 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.480923891 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.480982065 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.481578112 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.481646061 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.481859922 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.482254028 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.482331991 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.482398033 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.482904911 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:10.656505108 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.002808094 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.003456116 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.003530979 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.009604931 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.009809971 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.010227919 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.010288954 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.010288000 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.010324955 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.010340929 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.010394096 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.011255980 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.011622906 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.012178898 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.012262106 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.012408018 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.012835026 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.012891054 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.013292074 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.013509035 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.013560057 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.014034033 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.014729023 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.014796019 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.014832020 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.014851093 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.014878035 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.015115023 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.015156031 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.015209913 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.015676022 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.016498089 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.016566038 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.016861916 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.017333984 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.017610073 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.017990112 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.018038988 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.018161058 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.018452883 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.018779993 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.018830061 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.019398928 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.020057917 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.020116091 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.020119905 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.020152092 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.020205021 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.020281076 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.020661116 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.020708084 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.020802975 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.022164106 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.022202969 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.022214890 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.022404909 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.022461891 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.022599936 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.022654057 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.022696972 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.347767115 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.349069118 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.349082947 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.349564075 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.357925892 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.358000994 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.358077049 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.358089924 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.358136892 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.358685970 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.358867884 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.358916998 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.358949900 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.359018087 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.359074116 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.359107971 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.359405041 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.359472990 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.359616041 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.469084978 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.706701040 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.707114935 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.707159042 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.707186937 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.707212925 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.707346916 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.707427979 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.707482100 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.707525015 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.707736015 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.708262920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.708307981 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.708332062 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.708399057 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.708446980 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.708810091 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.708848953 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.708889961 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.708918095 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.709168911 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.709211111 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.709228992 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.709295988 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.709341049 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.710258007 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.710387945 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.710433006 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.710441113 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.710459948 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.710499048 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.710510969 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.710794926 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.710846901 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.710850954 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.710882902 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.710922956 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.711296082 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.711354017 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.711397886 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.711421967 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.711602926 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.711649895 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.712310076 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.712376118 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.712428093 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.712440014 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.712547064 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.712590933 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.712910891 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.713006973 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.713049889 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.713160038 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.713200092 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.713241100 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.713244915 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.713310003 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.713351011 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.713790894 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.714102983 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:11.714148045 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.100641966 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.100820065 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.100888968 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.101294041 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.101871967 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.101919889 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.103087902 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.104679108 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.104726076 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.104743004 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.105200052 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.105247021 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.105366945 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.105684996 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.105732918 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.106745005 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.106834888 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.106874943 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.108817101 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.108840942 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.108906984 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.458638906 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.458656073 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.458882093 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.459244967 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.460283995 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.460299015 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.460311890 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.460347891 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.460411072 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.460479021 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.461971045 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.462014914 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.462032080 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.462907076 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.462964058 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.462966919 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.463013887 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.463068962 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.464066982 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.464730024 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.464824915 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.465104103 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.466789961 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.466847897 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.466865063 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.466967106 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.467140913 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.467351913 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.467525005 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.467577934 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.467866898 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.469856977 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.469893932 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.469917059 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.470179081 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.470233917 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.470402002 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.470439911 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.470489025 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.470606089 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.472142935 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.472203016 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.472759962 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.473004103 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.473053932 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.473222017 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.473342896 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.473407984 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.473491907 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.473555088 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.473604918 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.474590063 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.475234985 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.475282907 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.475317001 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.475322008 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.475370884 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.475920916 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.476236105 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.476289988 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.476737022 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.656618118 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.831871033 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.831996918 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.832057953 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.832343102 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.833502054 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.833569050 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.833631992 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.833652973 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.833683968 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.833688021 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.833753109 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.833786964 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.833801985 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.834314108 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.834372044 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.834382057 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.834431887 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.834490061 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.834505081 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:12.969135046 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.187871933 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.188050985 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.188230991 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.188263893 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.188338041 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.188487053 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.188561916 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.188927889 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.188985109 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.190148115 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.190418005 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.190479994 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.191529989 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.191848993 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.191900969 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.192197084 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.192240000 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.192286968 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.192395926 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.192496061 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.192547083 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.193957090 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.194029093 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.194082022 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.194353104 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.194960117 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.195014954 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.195043087 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.195154905 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.195205927 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.196325064 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.196770906 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.197052956 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.197516918 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.198255062 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.198292971 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.198334932 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.198349953 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.198401928 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.198851109 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.199398041 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.199450970 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.200721979 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.201030970 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.201086998 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.201112032 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.201149940 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.201206923 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.201803923 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.201945066 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.202007055 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.203928947 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.204099894 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.204118013 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.204253912 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.204464912 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.204521894 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.205027103 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.205113888 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.205163002 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.208362103 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.265904903 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.552393913 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.552505016 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.552670002 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.552860975 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.553030014 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.553083897 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.553170919 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.553190947 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.553206921 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.553240061 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.553405046 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.553452969 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.553596020 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.553615093 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.553632975 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.553652048 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.553664923 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.553669930 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.553706884 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.580974102 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.819513083 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.927958965 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.928709984 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.928761005 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.928780079 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.929311991 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.929356098 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.929380894 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.929441929 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.929495096 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.930363894 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.930706024 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.930757999 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.930877924 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.930975914 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.931025982 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.931297064 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.931313992 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.931369066 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.931401968 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.932178974 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.932248116 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.932286024 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.933212042 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.933262110 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.933263063 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.933387041 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.933444977 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.933458090 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.933732033 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.933788061 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.933870077 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.934664965 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.934715986 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.935174942 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.935216904 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.935256004 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.935267925 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.935455084 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.935508013 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.935580015 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.937382936 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.937499046 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.937503099 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.937550068 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.937601089 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.937690020 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.937756062 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.937786102 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.937810898 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.942229986 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.942248106 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.942264080 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.942280054 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.942287922 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.942296028 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.942310095 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.942313910 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.942361116 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.942368984 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.942424059 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.944679976 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:13.944730997 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.205933094 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.279140949 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.279442072 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.279491901 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.280011892 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.280087948 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.280141115 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.280267954 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.280885935 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.280947924 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.281006098 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.281019926 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.281084061 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.281909943 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.282128096 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.282140970 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.282176971 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.282686949 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.282700062 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.282758951 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.469105005 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.641350985 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.641474009 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.641649961 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.641681910 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.644011021 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.644253969 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.644304037 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.645327091 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.645565033 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.645579100 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.645597935 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.646222115 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.646636009 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.647423029 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.647461891 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.647512913 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.647543907 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.647568941 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.647608995 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.647638083 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.648098946 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.649061918 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.650636911 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.650650024 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.650722027 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.650734901 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.650749922 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.650801897 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.650824070 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.650986910 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.651338100 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.652623892 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.652761936 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.652774096 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.652789116 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.652813911 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.652827978 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.652895927 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.653325081 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.653687954 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.654886961 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.654901028 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.655069113 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.655081987 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.655126095 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.655180931 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.655716896 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.656019926 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.656526089 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.656604052 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.656748056 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.656784058 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.657248020 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.657260895 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.657922983 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.658329010 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.658451080 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.658485889 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.658931971 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.658943892 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:14.659106970 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.035254002 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.035288095 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.035387039 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.036400080 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.036422014 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.036562920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.036598921 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.037221909 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.037323952 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.037353992 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.038230896 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.039094925 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.039129019 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.039165020 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.039223909 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.039244890 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.039271116 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.039920092 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.040258884 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.411647081 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.411668062 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.411833048 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.412605047 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.412764072 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.412811995 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.412955999 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.413208961 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.413342953 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.414051056 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.414158106 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.414936066 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.415014982 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.415860891 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.416008949 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.416171074 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.416671991 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.416770935 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.417602062 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.417700052 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.417762041 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.418414116 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.418893099 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.418948889 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.418986082 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.419008970 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.419251919 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.419421911 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.419464111 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.419560909 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.420697927 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.420749903 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.420799971 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.420953035 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.420990944 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.421375990 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.421422958 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.421458006 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.422285080 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.422591925 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.423142910 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.423435926 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.423475027 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.423645973 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.423907042 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.425601959 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.425693035 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.425842047 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.425921917 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.426465034 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.427880049 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.428237915 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.428491116 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.428584099 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.429404020 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.429496050 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.429589987 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.429624081 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.430267096 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.430680990 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.432349920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.577758074 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.833780050 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.834256887 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.834379911 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.835340023 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.835403919 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.835455894 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.835468054 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.835493088 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.835539103 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.835896969 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.835953951 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.836003065 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.836595058 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.837347031 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.837400913 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.838038921 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.838063955 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.838085890 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:15.838140011 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.205733061 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.210040092 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.210201025 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.211410046 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.211514950 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.211570024 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.211776972 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.211849928 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.211895943 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.211900949 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.214068890 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.214118958 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.214706898 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.215230942 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.215286016 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.216368914 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.216439009 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.216490030 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.216557026 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.217916012 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.217966080 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.218008041 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.218765974 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.218897104 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.219656944 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.219686985 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.219918966 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.220731020 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.220812082 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.220896006 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.220962048 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.222233057 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.222284079 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.222784042 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.222810984 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.222919941 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.224005938 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.224339962 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.224581957 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.225264072 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.225841045 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.225912094 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.225965977 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.226172924 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.226223946 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.226784945 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.226850033 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.226897955 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.227682114 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.228327036 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.228418112 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.228451967 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.230170965 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.230228901 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.230422974 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.230820894 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.230873108 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.231673956 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.232667923 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.232692003 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.232743025 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.558672905 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.558844090 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.559180021 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.559238911 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.560059071 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.560076952 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.560125113 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.560131073 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.560180902 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.564297915 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.564579010 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.564678907 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.564915895 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.565279007 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.565330029 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.565332890 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.565588951 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.565670013 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.565917969 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.566010952 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.566060066 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.947458029 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.947547913 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.947597027 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.947932959 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.948013067 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.948254108 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.948360920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.949404955 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.949457884 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.949520111 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.949625969 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.949666023 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.949906111 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.950305939 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.950359106 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.951131105 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.952231884 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.952296972 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.952342987 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.952439070 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.952569962 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.952964067 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.953054905 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.953099012 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.954314947 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.954523087 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.954571009 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.954600096 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.955162048 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.955209017 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.955210924 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.955271959 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.955329895 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.956501007 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.956547976 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.956604004 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.956739902 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.957340956 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.957391024 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.957967997 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.958009958 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.958067894 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.959111929 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.959161043 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.959229946 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.959712982 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.961234093 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.961285114 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.961947918 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.963449955 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.964108944 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.964147091 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.964257956 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.964332104 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.964385033 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.964869022 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.965735912 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.965789080 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.966360092 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.966730118 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:16.966804981 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.319231987 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.319272995 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.319308996 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.319366932 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.319853067 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.319905996 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.319917917 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.319964886 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.320058107 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.320768118 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.320821047 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.320979118 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.321418047 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.322057962 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.322128057 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.322144032 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.322407961 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.322446108 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.322480917 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.468985081 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.706379890 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.707762957 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.707839012 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.708267927 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.708309889 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.708533049 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.708599091 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.708620071 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.708830118 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.708875895 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.710266113 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.710318089 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.710347891 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.710417032 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.710464001 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.710731983 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.711313963 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.711333036 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.711364985 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.712419987 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.712471008 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.712485075 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.712529898 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.712577105 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.713052988 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.713351011 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.713402987 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.713449001 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.714740038 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.714787006 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.714798927 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.714837074 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.714905024 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.715531111 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.715579033 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.715663910 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.715842009 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.717078924 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.717130899 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.717581987 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.717695951 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.717833996 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.718097925 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.718265057 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.718589067 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.719073057 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.719692945 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.719758034 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.720843077 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.720891953 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.720951080 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.720954895 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.721085072 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.721142054 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.721188068 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.722323895 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.722387075 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.723953962 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.724026918 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.724077940 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.724091053 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:17.765842915 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.058326006 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.058346033 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.058413029 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.058811903 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.059659958 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.059792995 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.060169935 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.060237885 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.060271978 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.060319901 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.061049938 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.061100006 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.062102079 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.062186956 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.062269926 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.062804937 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.063493013 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.063519001 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.063586950 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.113992929 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.427159071 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.427194118 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.427395105 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.427791119 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.428675890 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.428850889 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.428904057 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.428961039 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.429049969 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.429063082 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.429220915 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.429265022 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.431488037 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.432010889 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.432095051 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.432557106 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.432656050 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.432701111 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.433077097 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.433099031 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.433182001 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.440202951 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.440237045 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.440296888 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.440361023 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.440382957 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.440407038 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.440464973 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.440531015 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.440581083 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.441560030 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.441915989 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.441970110 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.442164898 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.442331076 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.442348003 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.442389965 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.442944050 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.442996025 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.443315029 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.444550991 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.444668055 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.444703102 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.444875956 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.444922924 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.445046902 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.445065975 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.445128918 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.446150064 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.446316004 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.446368933 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.447381020 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.447559118 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.447581053 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.447632074 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.448088884 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.448303938 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.449362993 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.449379921 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.449441910 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.780821085 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.780968904 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.781019926 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.782100916 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.782119036 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.782186985 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.782306910 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.782375097 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.782427073 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.783617020 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.784722090 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.784991026 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.785057068 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.786015034 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.786091089 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.786118984 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.786154032 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.786194086 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.786907911 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:18.937623024 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.145344019 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.146153927 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.146174908 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.146210909 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.146347046 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.146394968 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.146430016 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.146975994 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.147020102 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.147022009 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.147211075 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.147810936 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.147851944 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.148312092 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.148360014 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.148403883 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.148428917 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.148471117 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.148971081 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.149008989 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.149054050 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.150693893 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.151474953 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.151551962 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.152368069 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.152419090 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.152477026 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.152518988 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.152527094 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.152559996 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.152647972 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.154275894 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.154340982 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.155919075 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.156034946 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.156080008 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.156100035 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.156611919 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.156691074 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.157027006 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.157139063 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.157386065 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.157672882 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.157748938 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.157829046 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.158226013 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.159015894 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.159085035 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.159115076 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.159131050 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.159239054 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.159746885 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.159816027 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.159887075 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.160608053 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.160681963 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.160778046 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.160810947 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.265933990 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.310152054 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.311052084 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.311103106 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.528976917 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.529005051 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.529021025 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.529073000 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.529218912 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.529246092 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.529292107 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.529314995 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.529359102 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.530284882 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.530307055 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.530359030 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.530898094 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.530972004 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.531018972 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.531502008 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.531543970 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.531656027 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.885987997 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.886677980 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.886742115 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.886807919 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.887000084 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.887065887 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.887886047 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.888267040 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.888346910 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.888787985 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.888792992 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.889229059 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.889257908 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.889720917 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.889867067 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.890975952 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.891074896 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.891108990 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.891208887 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.892486095 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.892546892 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.892579079 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.893002987 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.893337965 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.894221067 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.894294977 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.894334078 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.894383907 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.895071983 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.895226955 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.895426989 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.895787954 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.895950079 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.896773100 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.896819115 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.896899939 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.897034883 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.897572041 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.897722960 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.897778988 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.898459911 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.898896933 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.898977995 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.899007082 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.899034977 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.899214029 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.899349928 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.899758101 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.900110960 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.900269032 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.900437117 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.900479078 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.900527954 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.900794029 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.901202917 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.901257992 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.901264906 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.901685953 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.901735067 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:19.901767969 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.033978939 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.246074915 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.246146917 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.246195078 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.246198893 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.246237040 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.246370077 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.246395111 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.247204065 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.247257948 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.247745037 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.247813940 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.247869968 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.247911930 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.247961998 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.248047113 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.248878002 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.248960972 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.248966932 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.364427090 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.597461939 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.598274946 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.598963976 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.599242926 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.599303961 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.599672079 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.599940062 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.600279093 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.600781918 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.600857973 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.600904942 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.601073027 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.602241993 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.602293015 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.602313995 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.602370024 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.602421999 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.602463007 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.602471113 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.603157043 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.603199005 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.603950024 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.603993893 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.604053974 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.604202032 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.604258060 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.604301929 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.604341984 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.605277061 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.605441093 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.608937979 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.608961105 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.608990908 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.609019995 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.609050989 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.609097958 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.609560966 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.609576941 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.609620094 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.610318899 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.610363960 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.611464024 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.611527920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.611567020 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.611573935 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.611836910 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.611881971 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.611888885 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.612374067 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.613658905 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.613708019 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.613718987 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.614480972 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.614584923 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.614639044 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.614665985 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.614680052 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.614727020 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.614980936 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.667191029 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.937731028 CET49744443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.937778950 CET4434974431.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.937861919 CET49744443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.950274944 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.950488091 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.950642109 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.950684071 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.950954914 CET49744443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.951000929 CET4434974431.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.951212883 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.951284885 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.951616049 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.951700926 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.951759100 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.951812029 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.951833963 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.951898098 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.951904058 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.952481985 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.952531099 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.952558994 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.952616930 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.952634096 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.952727079 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.955106020 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.955179930 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.956080914 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.956878901 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.956912041 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.057782888 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.324784994 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.325109005 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.325123072 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.325172901 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.325512886 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.325566053 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.327069998 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.328881979 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.329067945 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.329112053 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.329379082 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.329442024 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.329447985 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.329518080 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.329561949 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.331007957 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.331899881 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.331943035 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.331971884 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.332535982 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.333009958 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.333051920 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.333285093 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.333786011 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.334316969 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.334676027 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.334717035 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.334728956 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.335350990 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.335397005 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.335818052 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.336282969 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.336352110 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.337858915 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.337902069 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.337958097 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.338004112 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.338794947 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.338843107 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.339123964 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.341108084 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.341155052 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.341228008 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.341311932 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.341370106 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.342477083 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.343786955 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.343839884 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.343890905 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.344062090 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.344914913 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.344965935 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.344997883 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.345041037 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.345066071 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.346096039 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.346142054 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.347498894 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.347552061 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.348006964 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.363500118 CET4434974431.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.363996983 CET49744443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.364025116 CET4434974431.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.365951061 CET4434974431.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.366024971 CET49744443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.370130062 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.370820045 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.370857000 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.372586012 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.372679949 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.374161005 CET49744443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.374295950 CET4434974431.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.374430895 CET49744443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.374444008 CET4434974431.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.376965046 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.377063036 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.432791948 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.432811022 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.464032888 CET49744443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.542182922 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.697812080 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.698048115 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.698113918 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.699373007 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.699424028 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.699491978 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.699496984 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.701572895 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.701625109 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.701637983 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.701805115 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.702713013 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.702755928 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.702847958 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.703000069 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.703043938 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.704869032 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.704919100 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.704978943 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.855626106 CET4434974431.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.855701923 CET49744443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.855736017 CET4434974431.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.855756998 CET4434974431.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.855813980 CET4434974431.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.855817080 CET49744443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.855843067 CET4434974431.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.855865955 CET4434974431.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.855896950 CET49744443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.855912924 CET4434974431.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.855978012 CET49744443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.869440079 CET4434974431.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.869505882 CET49744443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.869524956 CET4434974431.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.869582891 CET49744443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.883390903 CET4434974431.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.883451939 CET49744443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.897279024 CET4434974431.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.897350073 CET4434974431.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.897356033 CET49744443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.897371054 CET4434974431.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.897468090 CET49744443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.911024094 CET4434974431.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.911143064 CET4434974431.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.911241055 CET49744443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.911680937 CET49744443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.911705017 CET4434974431.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.911736965 CET49744443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:21.911910057 CET49744443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.096002102 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.096358061 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.097045898 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.097062111 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.097120047 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.097120047 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.099237919 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.099374056 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.099390030 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.099428892 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.099720955 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.100110054 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.100296021 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.100467920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.100519896 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.102056980 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.102088928 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.102138996 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.102247953 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.102940083 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.102961063 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.103012085 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.103097916 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.103209019 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.104049921 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.104226112 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.104362965 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.104918957 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.105065107 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.105118036 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.107938051 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.108107090 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.108376026 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.108450890 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.108649969 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.108699083 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.109057903 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.109289885 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.109306097 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.109322071 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.109335899 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.109345913 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.109350920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.109373093 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.109391928 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.109503984 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.111085892 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.111164093 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.112315893 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.112459898 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.112513065 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.113017082 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.113037109 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.113054037 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.113090992 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.113368034 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.113518953 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.113567114 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.114084959 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.114103079 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.114147902 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.467849016 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.468004942 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.468331099 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.468394995 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.468868017 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.469145060 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.469197035 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.469717026 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.469826937 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.469877958 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.469880104 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.469924927 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.470673084 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.470705032 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.470824003 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.470956087 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.470973015 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.471033096 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.472384930 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.562479973 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.823723078 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.823796034 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.824007988 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.824069023 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.825160980 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.825241089 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.825403929 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.825586081 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.825644970 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.825900078 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.826023102 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.826073885 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.826272011 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.826900005 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.827358007 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.827383995 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.827409029 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.827438116 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.827645063 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.827733994 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.827747107 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.827792883 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.829305887 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.829323053 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.829354048 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.829603910 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.829621077 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.829667091 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.830094099 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.830223083 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.830269098 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.832262039 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.832295895 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.832340956 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.833007097 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.833045959 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.833051920 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.833264112 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.833307981 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.836508036 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.837001085 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.837057114 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.837419033 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.840167999 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.840208054 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.840256929 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.840681076 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.840728045 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.840756893 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.841943979 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.842003107 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.842817068 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.844454050 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.844517946 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.844567060 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.844710112 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.844765902 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.844825983 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.846266985 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.846313953 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.847384930 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:22.956079006 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.196470976 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.198201895 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.198257923 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.198340893 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.198662043 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.198712111 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.198905945 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.198945045 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.198991060 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.199136972 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.199729919 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.200125933 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.200979948 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.200995922 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.201035976 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.201041937 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.201056004 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.201114893 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.201117992 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.267966986 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.267996073 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.268081903 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.268214941 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.271672964 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.272480011 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.272492886 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.312247992 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.388006926 CET49748443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.388096094 CET4434974831.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.388170004 CET49748443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.401763916 CET49748443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.401796103 CET4434974831.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.413886070 CET49749443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.413903952 CET4434974931.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.413994074 CET49749443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.433851004 CET49749443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.433866978 CET4434974931.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.505486012 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.505585909 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.505584955 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.505646944 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.505676031 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.505722046 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.505732059 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.505750895 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.505776882 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.505781889 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.505824089 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.505836964 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.519212008 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.520417929 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.520431042 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.529778957 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.529937029 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.529949903 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.543862104 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.543898106 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.543924093 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.543941021 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.544256926 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.552767038 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.553086996 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.553137064 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.553149939 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.553360939 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.553416014 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.553457975 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.553472042 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.553528070 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.554521084 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.554559946 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.554615974 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.555193901 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.555865049 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.555917025 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.555919886 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.555948973 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.556082010 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.556670904 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.556684971 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.556732893 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.557698965 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.557779074 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.558054924 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.558068991 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.558082104 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.558135986 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.558145046 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.558687925 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.558718920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.559000969 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.559461117 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.559509993 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.559855938 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.559887886 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.559945107 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.560009003 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.560009003 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.560081959 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.560879946 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.560936928 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.561297894 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.561317921 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.561381102 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.561467886 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.561569929 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.561616898 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.562026024 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.563479900 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.563493967 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.563532114 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.563555002 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.563610077 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.563656092 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.563718081 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.563818932 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.563889980 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.564950943 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.564986944 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.565040112 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.565123081 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.565171957 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.676163912 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.689084053 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.689095020 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.690258026 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.690330029 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.703943968 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.703989029 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.704169035 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.704231977 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.710887909 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.710954905 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.710973024 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.716149092 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.716301918 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.724634886 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.724669933 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.724700928 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.724716902 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.724791050 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.738769054 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.738804102 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.738886118 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.738903046 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.752535105 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.752598047 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.752638102 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.752706051 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.752769947 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.766479015 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.766669035 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.766729116 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.768100023 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.768107891 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.780364037 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.780410051 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.780443907 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.780481100 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.780550957 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.793121099 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.793178082 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.804655075 CET4434974831.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.805394888 CET49748443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.805413961 CET4434974831.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.805536032 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.805599928 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.805646896 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.806394100 CET4434974831.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.806462049 CET49748443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.808079958 CET49748443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.808139086 CET4434974831.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.818339109 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.818453074 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.818470001 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.818525076 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.830732107 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.830774069 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.830813885 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.830825090 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.839526892 CET4434974931.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.840009928 CET49749443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.840018034 CET4434974931.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.841455936 CET4434974931.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.841561079 CET49749443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.842088938 CET49749443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.842164993 CET4434974931.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.843622923 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.843655109 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.843692064 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.843704939 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.843758106 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.861984015 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.862046003 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.862059116 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.862067938 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.862123013 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.902457952 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.902542114 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.907278061 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.907325029 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.907335043 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.907346964 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.907535076 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.912751913 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.915081024 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.915092945 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.915152073 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.915168047 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.915225983 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.915945053 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.916400909 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.916445971 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.916486979 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.917016983 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.917068958 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.917139053 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.917200089 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.919086933 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.919137955 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.919147015 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.919419050 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.919430017 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.919441938 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.919451952 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.919469118 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.919496059 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.925638914 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.925684929 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.925708055 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.925729036 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.925916910 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.934761047 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.934830904 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.934843063 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.943619967 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.943691015 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.943705082 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.952707052 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.952771902 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.952812910 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.952827930 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.952893019 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.955683947 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.955854893 CET49749443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.955862045 CET4434974931.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.961576939 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.961638927 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.961694002 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.961707115 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.961780071 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.970493078 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.970593929 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.970716000 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.970729113 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.979585886 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.979635954 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.979652882 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.979667902 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.980745077 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.988631010 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.988749981 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.997478962 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.997539997 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:23.997551918 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.002006054 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.002091885 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.002105951 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.011061907 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.011086941 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.011131048 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.011146069 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.011197090 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.012238979 CET4434974831.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.012285948 CET49748443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.019906998 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.019972086 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.019993067 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.020011902 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.021240950 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.028928995 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.028997898 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.029083967 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.029098034 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.038053036 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.039608955 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.039622068 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.046926022 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.046969891 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.046983957 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.046998024 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.047096014 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.055876970 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.055933952 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.055944920 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.064667940 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.064732075 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.064750910 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.064804077 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.065062046 CET49749443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.072870016 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.072941065 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.072962046 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.073020935 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.081285000 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.081360102 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.089133024 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.089173079 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.089194059 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.089210033 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.089319944 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.097486973 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.097554922 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.097636938 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.097687006 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.105036020 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.105101109 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.112999916 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.113028049 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.113076925 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.113104105 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.113261938 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.120841980 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.120903969 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.120965958 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.120975018 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.125751019 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.125804901 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.125813007 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.130628109 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.130678892 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.130690098 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.130697012 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.130749941 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.135512114 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.135562897 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.135567904 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.135576010 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.135628939 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.140403986 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.140484095 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.145236969 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.145308971 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.145322084 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.145380020 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.149995089 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.150059938 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.150079012 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.150130987 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.154771090 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.154939890 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.159434080 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.159492970 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.159528017 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.159537077 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.159615993 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.164136887 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.164186954 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.168549061 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.173163891 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.173208952 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.174128056 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.174134970 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.174227953 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.177571058 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.177618027 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.177684069 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.177691936 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.177786112 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.182137966 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.182249069 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.186492920 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.186546087 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.186557055 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.186563015 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.186604023 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.190754890 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.190803051 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.190819979 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.190826893 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.190870047 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.195066929 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.195125103 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.195147991 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.195153952 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.195312023 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.199559927 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.199646950 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.203574896 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.203618050 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.203641891 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.203650951 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.203720093 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.207781076 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.207859039 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.207900047 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.207967997 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.212044001 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.212122917 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.216136932 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.216236115 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.216268063 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.216347933 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.220292091 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.220385075 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.220402956 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.220410109 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.220514059 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.224155903 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.224266052 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.228246927 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.228305101 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.228319883 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.228373051 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.232198954 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.232248068 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.232258081 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.232311010 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.236183882 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.236242056 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.236310959 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.236318111 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.240195036 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.240303040 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.240310907 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.243967056 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.244036913 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.244044065 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.244108915 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.244204044 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.244210005 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.247966051 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.248019934 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.248059034 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.248074055 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.248147011 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.251817942 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.251909971 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.255553961 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.255610943 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.255649090 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.255662918 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.255753040 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.259316921 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.259388924 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.259443998 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.259457111 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.259569883 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.263467073 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.263549089 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.266962051 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.267026901 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.267030954 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.267044067 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.267087936 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.267317057 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.269575119 CET49751443192.168.2.4172.64.41.3
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.269635916 CET44349751172.64.41.3192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.269720078 CET49751443192.168.2.4172.64.41.3
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.270668030 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.270718098 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.270730972 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.270745039 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.271138906 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.273958921 CET49751443192.168.2.4172.64.41.3
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.273994923 CET44349751172.64.41.3192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.274410963 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.274466991 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.275203943 CET49752443192.168.2.4162.159.61.3
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.275240898 CET44349752162.159.61.3192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.275640011 CET49752443192.168.2.4162.159.61.3
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.276067972 CET49752443192.168.2.4162.159.61.3
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.276096106 CET44349752162.159.61.3192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.278186083 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.278228998 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.278245926 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.278259039 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.278431892 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.281795979 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.281840086 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.281857967 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.281871080 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.281932116 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.284830093 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.285012007 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.285098076 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.285098076 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.285151005 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.285218000 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.285260916 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.285348892 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.285486937 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.285552025 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.285648108 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.286353111 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.286492109 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.286570072 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.286586046 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.286598921 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.286662102 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.286941051 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.287025928 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.287091970 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.287103891 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.288126945 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.288175106 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.288253069 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.288263083 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.288330078 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.288522959 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.288641930 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.288738966 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.288836956 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.289017916 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.289082050 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.289086103 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.289098978 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.289207935 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.289813042 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.289896965 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.289941072 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.289978027 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.290069103 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.290117979 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.290602922 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.290678024 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.290716887 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.291475058 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.291541100 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.291589975 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.291659117 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.291726112 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.291954041 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.292324066 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.292360067 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.292432070 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.292504072 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.292543888 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.292577028 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.292588949 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.292694092 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.292728901 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.292839050 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.293252945 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.293565989 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.293603897 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.293628931 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.294059992 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.294131994 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.294164896 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.294900894 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.294944048 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.294967890 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.295358896 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.295398951 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.295461893 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.296020985 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.296091080 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.299554110 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.299612999 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.299635887 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.299685955 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.303111076 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.303159952 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.303369999 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.303376913 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.303426027 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.306569099 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.306637049 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.310098886 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.310187101 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.310264111 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.310318947 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.313580990 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.313678026 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.313735962 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.331024885 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.331056118 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.455704927 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.602536917 CET44349751172.64.41.3192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.606206894 CET44349752162.159.61.3192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.630765915 CET49751443192.168.2.4172.64.41.3
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.630793095 CET44349751172.64.41.3192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.631794930 CET49752443192.168.2.4162.159.61.3
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.631808043 CET44349752162.159.61.3192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.632375956 CET44349751172.64.41.3192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.632476091 CET49751443192.168.2.4172.64.41.3
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.635070086 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.635368109 CET49751443192.168.2.4172.64.41.3
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.635468006 CET44349751172.64.41.3192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.635521889 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.635632038 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.635693073 CET44349752162.159.61.3192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.635793924 CET49752443192.168.2.4162.159.61.3
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.635940075 CET49751443192.168.2.4172.64.41.3
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.635957003 CET44349751172.64.41.3192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.636061907 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.636380911 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.636444092 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.636789083 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.637950897 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.638056993 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.638094902 CET49752443192.168.2.4162.159.61.3
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.638168097 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.638205051 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.638293982 CET44349752162.159.61.3192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.638350010 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.638577938 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.638742924 CET49752443192.168.2.4162.159.61.3
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.638756990 CET44349752162.159.61.3192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.639307976 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.639374971 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.639414072 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.639801979 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.639874935 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.768095016 CET49752443192.168.2.4162.159.61.3
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.840301037 CET44349751172.64.41.3192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.842891932 CET49751443192.168.2.4172.64.41.3
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.945333958 CET44349752162.159.61.3192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.945362091 CET44349751172.64.41.3192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.945415020 CET44349752162.159.61.3192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.945452929 CET44349751172.64.41.3192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.946204901 CET49752443192.168.2.4162.159.61.3
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.946204901 CET49751443192.168.2.4172.64.41.3
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.946424007 CET49751443192.168.2.4172.64.41.3
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.946434021 CET44349751172.64.41.3192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.946913004 CET49752443192.168.2.4162.159.61.3
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.946916103 CET44349752162.159.61.3192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.996433020 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.996455908 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.996522903 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.996784925 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.997525930 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.997570038 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.997874022 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.998184919 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.998231888 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.998970032 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.999047041 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.999113083 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.999594927 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.000586033 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.000636101 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.000967026 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.001488924 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.001542091 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.002382994 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.002707958 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.002731085 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.003237009 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.003305912 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.003957987 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.004595041 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.005768061 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.005793095 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.005840063 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.007215977 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.008842945 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.008912086 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.008960009 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.009411097 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.009742975 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.009785891 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.011109114 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.011126041 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.012074947 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.012084007 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.012945890 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.013010979 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.013179064 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.013221025 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.014754057 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.014775038 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.014827013 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.014900923 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.015533924 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.015594959 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.015984058 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.016025066 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.016241074 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.016948938 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.017060995 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.017122030 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.017249107 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.018090010 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.018146038 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.018425941 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.064979076 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.344594002 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.344907045 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.345484018 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.345556021 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.345650911 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.345679998 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.345727921 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.345786095 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.348834038 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.349486113 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.349539995 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.349611998 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.349746943 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.349796057 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.349817038 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.349921942 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.349992037 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.350208998 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.350285053 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.350502968 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.747731924 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.748356104 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.748409986 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.748991966 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.749008894 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.749058962 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.749118090 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.749676943 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.749694109 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.749731064 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.749890089 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.749934912 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.750588894 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.750606060 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.750653028 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.750675917 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.750782967 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.750874996 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.751597881 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.752108097 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.752124071 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.752159119 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.752383947 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.752401114 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.752468109 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.752513885 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.752933979 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.753295898 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.753312111 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.753360033 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.753741026 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.753757954 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.753806114 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.754355907 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.754374027 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.754422903 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.754797935 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.755373955 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.755553007 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.755590916 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.755603075 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.755846977 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.755932093 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.756010056 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.756432056 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.756479025 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.757312059 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.757329941 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.757375956 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.757463932 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.757507086 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.757566929 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.757622004 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.757667065 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.758285999 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.758801937 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.758928061 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.759156942 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.759176016 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.759232044 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.759828091 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:25.955591917 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.101938963 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.102020025 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.102063894 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.102134943 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.102166891 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.102247000 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.102287054 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.103204966 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.103281021 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.103318930 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.103353977 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.103423119 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.103478909 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.103902102 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.103940964 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.103965044 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.104386091 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.104422092 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.104494095 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.478312016 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.478519917 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.478602886 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.478668928 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.478688955 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.478720903 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.479141951 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.479671955 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.479933977 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.480695963 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.480731964 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.480793953 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.480885983 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.480925083 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.480976105 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.481425047 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.482794046 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.482830048 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.482889891 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.483400106 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.483526945 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.483563900 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.483584881 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.483604908 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.484261990 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.485502958 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.485552073 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.485615015 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.485743046 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.485775948 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.485785961 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.486139059 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.486182928 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.486303091 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.487034082 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.487080097 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.487296104 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.487441063 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.487514973 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.487565041 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.488468885 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.488485098 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.488531113 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.488692045 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.488735914 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.489130974 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.489146948 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.489191055 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.489203930 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.489541054 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.489758968 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.490164042 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.490222931 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.490266085 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.490530014 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.490607977 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.490654945 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.490673065 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.491699934 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.491743088 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.492758989 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.557019949 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.600589037 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.828242064 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.828389883 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.828650951 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.828896999 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.828948021 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.829714060 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.830246925 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.830296040 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.831408024 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.831485987 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.834117889 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.834170103 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.834955931 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.835011005 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.835552931 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.835599899 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.835648060 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.835694075 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.835916996 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.835956097 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.835963011 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.835999012 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.836144924 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.836183071 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.836229086 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:26.836241007 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.041593075 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.187648058 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.188616991 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.188672066 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.188671112 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.188733101 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.188874960 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.189043045 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.189264059 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.189322948 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.189429998 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.190270901 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.190315962 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.190474033 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.190495968 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.190531969 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.191416979 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.191598892 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.191646099 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.191684008 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.191816092 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.191857100 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.192179918 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.192286015 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.192497969 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.192779064 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.193079948 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.193135023 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.193147898 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.193418026 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.193469048 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.194291115 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.194351912 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.194515944 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.194921970 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.195231915 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.195292950 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.195300102 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.195429087 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.195487976 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.195904016 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.195945978 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.196213007 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.196576118 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.196945906 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.196984053 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.197017908 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.197662115 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.197724104 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.197737932 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.197757006 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.197802067 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.197917938 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.199124098 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.199182987 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.199182987 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.199239016 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.199635029 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.199805021 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.200905085 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.200963020 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.201006889 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.348037958 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.409914017 CET49757443192.168.2.4172.64.41.3
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.409921885 CET49756443192.168.2.4172.64.41.3
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.409957886 CET44349757172.64.41.3192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.409961939 CET44349756172.64.41.3192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.410037994 CET49757443192.168.2.4172.64.41.3
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.410115957 CET49756443192.168.2.4172.64.41.3
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.410566092 CET49756443192.168.2.4172.64.41.3
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.410587072 CET44349756172.64.41.3192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.410964966 CET49757443192.168.2.4172.64.41.3
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.410979033 CET44349757172.64.41.3192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.543916941 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.544495106 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.544560909 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.544709921 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.545469046 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.545522928 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.545563936 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.545600891 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.545638084 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.545650959 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.546149015 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.546211958 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.546261072 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.547096968 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.547162056 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.547705889 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.547741890 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.547777891 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.547844887 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.625556946 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.728754044 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.728777885 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.729226112 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.729665995 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.729676008 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.762940884 CET44349756172.64.41.3192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.763207912 CET49756443192.168.2.4172.64.41.3
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.763242006 CET44349756172.64.41.3192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.764625072 CET44349757172.64.41.3192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.765007019 CET44349756172.64.41.3192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.765017033 CET49757443192.168.2.4172.64.41.3
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.765033960 CET44349757172.64.41.3192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.765088081 CET49756443192.168.2.4172.64.41.3
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.766483068 CET49756443192.168.2.4172.64.41.3
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.766489983 CET44349757172.64.41.3192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.766547918 CET49757443192.168.2.4172.64.41.3
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.766575098 CET44349756172.64.41.3192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.767170906 CET49757443192.168.2.4172.64.41.3
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.767249107 CET44349757172.64.41.3192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.869513035 CET49757443192.168.2.4172.64.41.3
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.869530916 CET44349757172.64.41.3192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.899483919 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.899591923 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.899661064 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.899740934 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.900823116 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.900861979 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.900901079 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.900918007 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.900994062 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.900998116 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.901308060 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.901345968 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.901372910 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.902367115 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.902406931 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.902431965 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.902478933 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.902546883 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.902936935 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.902978897 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.903059959 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.903637886 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.903820038 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.903892040 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.904627085 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.904669046 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.904762983 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.905127048 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.905278921 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.905428886 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.905452013 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.906303883 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.906389952 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.906481981 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.906577110 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.906636953 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.906681061 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.907237053 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.907274961 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.907308102 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.907845020 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.908257008 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.908293962 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.908325911 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.908380985 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.908814907 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.909466028 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.909528017 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.909847975 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.909904957 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.910000086 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.910681963 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.910788059 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.910859108 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.911171913 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.911209106 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.911278009 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.911657095 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.911695004 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.911776066 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.947654963 CET49756443192.168.2.4172.64.41.3
                                                                                                                                                                                                    Mar 10, 2024 17:31:27.947680950 CET44349756172.64.41.3192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.057025909 CET49757443192.168.2.4172.64.41.3
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.133445978 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.134974957 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.134984970 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.135148048 CET49756443192.168.2.4172.64.41.3
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.135493040 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.135791063 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.136497021 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.136614084 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.137697935 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.137773991 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.138051033 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.138056040 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.138079882 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.184231043 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.244792938 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.281236887 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.281446934 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.281491041 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.281507015 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.281791925 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.281853914 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.281904936 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.281999111 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.282048941 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.282578945 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.283410072 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.283463001 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.283777952 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.283840895 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.283878088 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.283915997 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.283962965 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.284043074 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.284670115 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.369509935 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.470978022 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.643188000 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.643296003 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.643321991 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.643364906 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.643402100 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.643419027 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.643471956 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.643826008 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.643893957 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.644380093 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.644423008 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.645271063 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.645308971 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.645351887 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.645365000 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.645405054 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.645442009 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.645450115 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.647017956 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.647068024 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.647573948 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.647629023 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.647708893 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.647753954 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.648004055 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.648138046 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.648183107 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.649714947 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.649787903 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.649833918 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.649878025 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.649919987 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.649975061 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.650369883 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.650425911 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.651048899 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.651086092 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.651137114 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.651396036 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.651436090 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.651835918 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.651885033 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.652057886 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.652770996 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.652807951 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.652827024 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.652856112 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.653913975 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.654012918 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.654016018 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.654053926 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.654090881 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.654117107 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.654655933 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.654757977 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.655134916 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.655181885 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.655375957 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.655451059 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.655838966 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.655885935 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.655926943 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.655973911 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.655996084 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.656042099 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.657185078 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.657906055 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.708667040 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.708726883 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.708746910 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.708765030 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.708775997 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.708794117 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.708800077 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.708812952 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.708837986 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.708856106 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.708873987 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.708887100 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.708897114 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.708909988 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.708924055 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.709124088 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.709161997 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.709173918 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.709187984 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.709209919 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.709212065 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.709235907 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.709270954 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.709275961 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.709297895 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.878629923 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.901149988 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.901200056 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.901225090 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.901266098 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.901267052 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.901946068 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.901966095 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.901987076 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.901998997 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.902012110 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.902040958 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.902060032 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.902080059 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.902097940 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.902111053 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.902122974 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.902132034 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.902143002 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.902833939 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.902853012 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.902890921 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.902894020 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.902915955 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.902921915 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.902941942 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.902964115 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.902991056 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.903882980 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.903924942 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.903942108 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.903950930 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.904006958 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.904012918 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.947624922 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.990474939 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.991235018 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.991271973 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.991288900 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.992412090 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.992450953 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.992465973 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.993422031 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.993511915 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.993669987 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.993707895 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.993743896 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.993789911 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.995417118 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.995476007 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.995513916 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.995520115 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.995552063 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:28.995620012 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.093553066 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.093578100 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.093620062 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.093631029 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.093647003 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.093681097 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.093691111 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.093904972 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.094307899 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.094351053 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.094373941 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.094381094 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.094408035 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.094425917 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.095247030 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.095289946 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.095313072 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.095318079 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.095347881 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.095360041 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.096025944 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.096067905 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.096108913 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.096116066 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.096124887 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.096154928 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.096801996 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.096843958 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.096864939 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.096873045 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.096903086 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.096915960 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.097984076 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.098027945 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.098053932 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.098058939 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.098087072 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.098107100 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.098742008 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.098783970 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.098802090 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.098807096 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.098835945 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.098846912 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.104768991 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.285969019 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.286027908 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.286067963 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.286079884 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.286125898 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.286139965 CET49758443192.168.2.420.118.82.167
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.286461115 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.286504984 CET4434975820.118.82.167192.168.2.4
                                                                                                                                                                                                    Mar 10, 2024 17:31:29.286523104 CET49758443192.168.2.420.118.82.167

                                                                                                                                                                                                    DNS Queries

                                                                                                                                                                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                    Mar 10, 2024 17:30:43.607501984 CET192.168.2.41.1.1.10x9804Standard query (0)title-formula.at.ply.ggA (IP address)IN (0x0001)false
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.327569008 CET192.168.2.41.1.1.10xe748Standard query (0)botmaster.mediaplus.meA (IP address)IN (0x0001)false
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.777764082 CET192.168.2.41.1.1.10x586dStandard query (0)web.whatsapp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.778539896 CET192.168.2.41.1.1.10x528eStandard query (0)web.whatsapp.com65IN (0x0001)false
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.782217979 CET192.168.2.41.1.1.10x2d9dStandard query (0)web.whatsapp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.112807035 CET192.168.2.41.1.1.10xa0dcStandard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.113374949 CET192.168.2.41.1.1.10xe592Standard query (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.114272118 CET192.168.2.41.1.1.10x23deStandard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.119498968 CET192.168.2.41.1.1.10x4436Standard query (0)chrome.cloudflare-dns.com65IN (0x0001)false

                                                                                                                                                                                                    DNS Answers

                                                                                                                                                                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                    Mar 10, 2024 17:30:43.789243937 CET1.1.1.1192.168.2.40x9804No error (0)title-formula.at.ply.gg209.25.140.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.562602043 CET1.1.1.1192.168.2.40xe748No error (0)botmaster.mediaplus.me173.248.130.117A (IP address)IN (0x0001)false
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.932476997 CET1.1.1.1192.168.2.40x586dNo error (0)web.whatsapp.commmx-ds.cdn.whatsapp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.932476997 CET1.1.1.1192.168.2.40x586dNo error (0)mmx-ds.cdn.whatsapp.net31.13.65.49A (IP address)IN (0x0001)false
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.933118105 CET1.1.1.1192.168.2.40x528eNo error (0)web.whatsapp.commmx-ds.cdn.whatsapp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.937690973 CET1.1.1.1192.168.2.40x2d9dNo error (0)web.whatsapp.commmx-ds.cdn.whatsapp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                    Mar 10, 2024 17:31:20.937690973 CET1.1.1.1192.168.2.40x2d9dNo error (0)mmx-ds.cdn.whatsapp.net31.13.65.49A (IP address)IN (0x0001)false
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.267573118 CET1.1.1.1192.168.2.40xa0dcNo error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.267573118 CET1.1.1.1192.168.2.40xa0dcNo error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.268357992 CET1.1.1.1192.168.2.40xe592No error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.268976927 CET1.1.1.1192.168.2.40x23deNo error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.268976927 CET1.1.1.1192.168.2.40x23deNo error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                    Mar 10, 2024 17:31:24.274208069 CET1.1.1.1192.168.2.40x4436No error (0)chrome.cloudflare-dns.com65IN (0x0001)false

                                                                                                                                                                                                    HTTP Packets

                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    0192.168.2.449738173.248.130.117803736C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.797898054 CET133OUTGET /api/v2/getwapi.ashx?key=Ju9SWyJu9WQwgnmtZo7m2meGaJg8ciMVZGByC HTTP/1.1
                                                                                                                                                                                                    Host: botmaster.mediaplus.me
                                                                                                                                                                                                    Connection: Keep-Alive
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.985215902 CET1286INHTTP/1.1 200 OK
                                                                                                                                                                                                    Cache-Control: private
                                                                                                                                                                                                    Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                    Server: Microsoft-IIS/8.5
                                                                                                                                                                                                    X-AspNet-Version: 4.0.30319
                                                                                                                                                                                                    X-Powered-By: ASP.NET
                                                                                                                                                                                                    Date: Sun, 10 Mar 2024 16:31:00 GMT
                                                                                                                                                                                                    Content-Length: 474879
                                                                                                                                                                                                    Data Raw: 2f 2a 21 20 46 6f 72 20 6c 69 63 65 6e 73 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 73 65 65 20 77 70 70 63 6f 6e 6e 65 63 74 2d 77 61 2e 6a 73 2e 4c 49 43 45 4e 53 45 2e 74 78 74 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 74 28 29 3a 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 26 64 65 66 69 6e 65 2e 61 6d 64 3f 64 65 66 69 6e 65 28 5b 5d 2c 74 29 3a 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 3f 65 78 70 6f 72 74 73 2e 57 50 50 3d 74 28 29 3a 65 2e 57 50 50 3d 74 28 29 7d 28 73 65 6c 66 2c 28 28 29 3d 3e 28 28 29 3d 3e 7b 76 61 72 20 5f 5f 77 65 62 70 61 63 6b 5f 6d 6f 64 75 6c 65 73 5f 5f 3d 7b 37 39 37 34 32 3a 28 65 2c 74 29 3d 3e 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 2e 62 79 74 65 4c 65 6e 67 74 68 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 61 28 65 29 2c 72 3d 74 5b 30 5d 2c 6e 3d 74 5b 31 5d 3b 72 65 74 75 72 6e 20 33 2a 28 72 2b 6e 29 2f 34 2d 6e 7d 2c 74 2e 74 6f 42 79 74 65 41 72 72 61 79 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 2c 72 2c 69 3d 61 28 65 29 2c 73 3d 69 5b 30 5d 2c 75 3d 69 5b 31 5d 2c 63 3d 6e 65 77 20 6f 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 72 29 7b 72 65 74 75 72 6e 20 33 2a 28 74 2b 72 29 2f 34 2d 72 7d 28 30 2c 73 2c 75 29 29 2c 6c 3d 30 2c 64 3d 75 3e 30 3f 73 2d 34 3a 73 3b 66 6f 72 28 72 3d 30 3b 72 3c 64 3b 72 2b 3d 34 29 74 3d 6e 5b 65 2e 63 68 61 72 43 6f 64 65 41 74 28 72 29 5d 3c 3c 31 38 7c 6e 5b 65 2e 63 68 61 72 43 6f 64 65 41 74 28 72 2b 31 29 5d 3c 3c 31 32 7c 6e 5b 65 2e 63 68 61 72 43 6f 64 65 41 74 28 72 2b 32 29 5d 3c 3c 36 7c 6e 5b 65 2e 63 68 61 72 43 6f 64 65 41 74 28 72 2b 33 29 5d 2c 63 5b 6c 2b 2b 5d 3d 74 3e 3e 31 36 26 32 35 35 2c 63 5b 6c 2b 2b 5d 3d 74 3e 3e 38 26 32 35 35 2c 63 5b 6c 2b 2b 5d 3d 32 35 35 26 74 3b 72 65 74 75 72 6e 20 32 3d 3d 3d 75 26 26 28 74 3d 6e 5b 65 2e 63 68 61 72 43 6f 64 65 41 74 28 72 29 5d 3c 3c 32 7c 6e 5b 65 2e 63 68 61 72 43 6f 64 65 41 74 28 72 2b 31 29 5d 3e 3e 34 2c 63 5b 6c 2b 2b 5d 3d 32 35 35 26 74 29 2c 31 3d 3d 3d 75 26 26 28 74 3d 6e 5b 65 2e 63 68 61 72 43 6f 64 65 41 74 28 72 29 5d 3c 3c 31 30 7c 6e 5b 65 2e 63 68 61 72 43 6f 64 65 41 74 28 72 2b 31 29 5d 3c 3c 34 7c 6e 5b 65 2e 63 68 61 72 43 6f 64 65 41 74 28 72 2b 32 29 5d 3e 3e 32 2c 63 5b 6c 2b 2b 5d 3d 74 3e 3e 38 26 32 35 35 2c 63 5b 6c 2b 2b 5d 3d 32 35 35 26 74 29 2c 63 7d 2c 74 2e 66 72 6f 6d 42 79 74 65 41 72 72 61 79 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 2c 6e 3d 65 2e 6c 65 6e 67 74 68 2c 6f 3d 6e 25 33 2c 69 3d 5b 5d 2c 73 3d 31 36 33 38 33 2c 61 3d 30 2c 63 3d 6e 2d 6f 3b 61 3c 63 3b 61 2b 3d 73 29 69 2e 70 75 73 68 28 75 28 65 2c 61 2c 61 2b 73 3e 63 3f 63 3a 61 2b 73 29 29 3b 72 65 74 75 72 6e 20 31 3d 3d 3d 6f 3f 28 74 3d 65 5b 6e 2d 31 5d 2c 69 2e 70 75 73 68 28 72 5b 74 3e 3e 32 5d 2b 72 5b 74 3c 3c 34 26 36 33 5d 2b 22 3d 3d 22 29 29 3a 32 3d 3d 3d 6f 26 26 28 74 3d 28 65 5b 6e 2d 32 5d 3c 3c 38 29 2b 65 5b
                                                                                                                                                                                                    Data Ascii: /*! For license information please see wppconnect-wa.js.LICENSE.txt */!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports.WPP=t():e.WPP=t()}(self,(()=>(()=>{var __webpack_modules__={79742:(e,t)=>{"use strict";t.byteLength=function(e){var t=a(e),r=t[0],n=t[1];return 3*(r+n)/4-n},t.toByteArray=function(e){var t,r,i=a(e),s=i[0],u=i[1],c=new o(function(e,t,r){return 3*(t+r)/4-r}(0,s,u)),l=0,d=u>0?s-4:s;for(r=0;r<d;r+=4)t=n[e.charCodeAt(r)]<<18|n[e.charCodeAt(r+1)]<<12|n[e.charCodeAt(r+2)]<<6|n[e.charCodeAt(r+3)],c[l++]=t>>16&255,c[l++]=t>>8&255,c[l++]=255&t;return 2===u&&(t=n[e.charCodeAt(r)]<<2|n[e.charCodeAt(r+1)]>>4,c[l++]=255&t),1===u&&(t=n[e.charCodeAt(r)]<<10|n[e.charCodeAt(r+1)]<<4|n[e.charCodeAt(r+2)]>>2,c[l++]=t>>8&255,c[l++]=255&t),c},t.fromByteArray=function(e){for(var t,n=e.length,o=n%3,i=[],s=16383,a=0,c=n-o;a<c;a+=s)i.push(u(e,a,a+s>c?c:a+s));return 1===o?(t=e[n-1],i.push(r[t>>2]+r[t<<4&63]+"==")):2===o&&(t=(e[n-2]<<8)+e[
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.985253096 CET1286INData Raw: 6e 2d 31 5d 2c 69 2e 70 75 73 68 28 72 5b 74 3e 3e 31 30 5d 2b 72 5b 74 3e 3e 34 26 36 33 5d 2b 72 5b 74 3c 3c 32 26 36 33 5d 2b 22 3d 22 29 29 2c 69 2e 6a 6f 69 6e 28 22 22 29 7d 3b 66 6f 72 28 76 61 72 20 72 3d 5b 5d 2c 6e 3d 5b 5d 2c 6f 3d 22
                                                                                                                                                                                                    Data Ascii: n-1],i.push(r[t>>10]+r[t>>4&63]+r[t<<2&63]+"=")),i.join("")};for(var r=[],n=[],o="undefined"!=typeof Uint8Array?Uint8Array:Array,i="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",s=0;s<64;++s)r[s]=i[s],n[i.charCodeAt(s)]=s;f
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.985270023 CET1286INData Raw: 74 29 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 55 6e 6b 6e 6f 77 6e 20 65 6e 63 6f 64 69 6e 67 3a 20 22 2b 74 29 3b 63 6f 6e 73 74 20 72 3d 30 7c 6d 28 65 2c 74 29 3b 6c 65 74 20 6e 3d 61 28 72 29 3b 63 6f 6e 73 74 20 6f
                                                                                                                                                                                                    Data Ascii: t))throw new TypeError("Unknown encoding: "+t);const r=0|m(e,t);let n=a(r);const o=n.write(e,t);return o!==r&&(n=n.slice(0,o)),n}(e,t);if(ArrayBuffer.isView(e))return function(e){if(H(e,Uint8Array)){const t=new Uint8Array(e);return p(t.buffer,
                                                                                                                                                                                                    Mar 10, 2024 17:31:02.985306025 CET1286INData Raw: 2c 20 41 72 72 61 79 42 75 66 66 65 72 2c 20 41 72 72 61 79 2c 20 6f 72 20 41 72 72 61 79 2d 6c 69 6b 65 20 4f 62 6a 65 63 74 2e 20 52 65 63 65 69 76 65 64 20 74 79 70 65 20 22 2b 74 79 70 65 6f 66 20 65 29 7d 66 75 6e 63 74 69 6f 6e 20 6c 28 65
                                                                                                                                                                                                    Data Ascii: , ArrayBuffer, Array, or Array-like Object. Received type "+typeof e)}function l(e){if("number"!=typeof e)throw new TypeError('"size" argument must be of type number');if(e<0)throw new RangeError('The value "'+e+'" is invalid for option "size"
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.170409918 CET1286INData Raw: 66 2d 38 22 3a 72 65 74 75 72 6e 20 24 28 65 29 2e 6c 65 6e 67 74 68 3b 63 61 73 65 22 75 63 73 32 22 3a 63 61 73 65 22 75 63 73 2d 32 22 3a 63 61 73 65 22 75 74 66 31 36 6c 65 22 3a 63 61 73 65 22 75 74 66 2d 31 36 6c 65 22 3a 72 65 74 75 72 6e
                                                                                                                                                                                                    Data Ascii: f-8":return $(e).length;case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return 2*r;case"hex":return r>>>1;case"base64":return K(e).length;default:if(o)return n?-1:$(e).length;t=(""+t).toLowerCase(),o=!0}}function y(e,t,r){let n=!1;if((void
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.170433998 CET1286INData Raw: 6c 61 73 74 49 6e 64 65 78 4f 66 2e 63 61 6c 6c 28 65 2c 74 2c 72 29 3a 76 28 65 2c 5b 74 5d 2c 72 2c 6e 2c 6f 29 3b 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 76 61 6c 20 6d 75 73 74 20 62 65 20 73 74 72 69 6e 67 2c 20 6e 75
                                                                                                                                                                                                    Data Ascii: lastIndexOf.call(e,t,r):v(e,[t],r,n,o);throw new TypeError("val must be string, number or Buffer")}function v(e,t,r,n,o){let i,s=1,a=e.length,u=t.length;if(void 0!==n&&("ucs2"===(n=String(n).toLowerCase())||"ucs-2"===n||"utf16le"===n||"utf-16l
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.170453072 CET1286INData Raw: 79 28 65 29 3a 6e 2e 66 72 6f 6d 42 79 74 65 41 72 72 61 79 28 65 2e 73 6c 69 63 65 28 74 2c 72 29 29 7d 66 75 6e 63 74 69 6f 6e 20 53 28 65 2c 74 2c 72 29 7b 72 3d 4d 61 74 68 2e 6d 69 6e 28 65 2e 6c 65 6e 67 74 68 2c 72 29 3b 63 6f 6e 73 74 20
                                                                                                                                                                                                    Data Ascii: y(e):n.fromByteArray(e.slice(t,r))}function S(e,t,r){r=Math.min(e.length,r);const n=[];let o=t;for(;o<r;){const t=e[o];let i=null,s=t>239?4:t>223?3:t>191?2:1;if(o+s<=r){let r,n,a,u;switch(s){case 1:t<128&&(i=t);break;case 2:r=e[o+1],128==(192&
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.170469999 CET1286INData Raw: 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 75 2e 70 72 6f 74 6f 74 79 70 65 2c 22 70 61 72 65 6e 74 22 2c 7b 65 6e 75 6d 65 72 61 62 6c 65 3a 21 30 2c 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 75 2e 69 73 42 75 66 66 65 72 28 74
                                                                                                                                                                                                    Data Ascii: .defineProperty(u.prototype,"parent",{enumerable:!0,get:function(){if(u.isBuffer(this))return this.buffer}}),Object.defineProperty(u.prototype,"offset",{enumerable:!0,get:function(){if(u.isBuffer(this))return this.byteOffset}}),u.poolSize=8192
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.170485973 CET1286INData Raw: 31 7d 7d 2c 75 2e 63 6f 6e 63 61 74 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 69 66 28 21 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 65 29 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 27 22 6c 69 73 74 22 20 61 72 67 75 6d 65
                                                                                                                                                                                                    Data Ascii: 1}},u.concat=function(e,t){if(!Array.isArray(e))throw new TypeError('"list" argument must be an Array of Buffers');if(0===e.length)return u.alloc(0);let r;if(void 0===t)for(t=0,r=0;r<e.length;++r)t+=e[r].length;const n=u.allocUnsafe(t);let o=0
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.170502901 CET1286INData Raw: 74 6f 4c 6f 63 61 6c 65 53 74 72 69 6e 67 3d 75 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 74 72 69 6e 67 2c 75 2e 70 72 6f 74 6f 74 79 70 65 2e 65 71 75 61 6c 73 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 75 2e 69 73 42 75 66 66 65 72 28
                                                                                                                                                                                                    Data Ascii: toLocaleString=u.prototype.toString,u.prototype.equals=function(e){if(!u.isBuffer(e))throw new TypeError("Argument must be a Buffer");return this===e||0===u.compare(this,e)},u.prototype.inspect=function(){let e="";const r=t.h2;return e=this.to
                                                                                                                                                                                                    Mar 10, 2024 17:31:03.170519114 CET1286INData Raw: 72 3d 74 68 69 73 2e 6c 65 6e 67 74 68 2c 74 3d 30 3b 65 6c 73 65 20 69 66 28 76 6f 69 64 20 30 3d 3d 3d 72 26 26 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 74 29 6e 3d 74 2c 72 3d 74 68 69 73 2e 6c 65 6e 67 74 68 2c 74 3d 30 3b 65 6c 73
                                                                                                                                                                                                    Data Ascii: r=this.length,t=0;else if(void 0===r&&"string"==typeof t)n=t,r=this.length,t=0;else{if(!isFinite(t))throw new Error("Buffer.write(string, encoding, offset[, length]) is no longer supported");t>>>=0,isFinite(r)?(r>>>=0,void 0===n&&(n="utf8")):(


                                                                                                                                                                                                    HTTPS Proxied Packets

                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    0192.168.2.44974431.13.65.494435724C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    2024-03-10 16:31:21 UTC714OUTGET / HTTP/1.1
                                                                                                                                                                                                    Host: web.whatsapp.com
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"
                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                    Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                    Sec-Fetch-Site: none
                                                                                                                                                                                                    Sec-Fetch-Mode: navigate
                                                                                                                                                                                                    Sec-Fetch-User: ?1
                                                                                                                                                                                                    Sec-Fetch-Dest: document
                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                    Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                    2024-03-10 16:31:21 UTC1996INHTTP/1.1 200 OK
                                                                                                                                                                                                    Content-Type: text/html;charset=utf-8
                                                                                                                                                                                                    Vary: Accept-Encoding, User-Agent, Accept-Language
                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                    reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"
                                                                                                                                                                                                    report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}
                                                                                                                                                                                                    document-policy: force-load-at-top
                                                                                                                                                                                                    permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
                                                                                                                                                                                                    cross-origin-resource-policy: cross-origin
                                                                                                                                                                                                    cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
                                                                                                                                                                                                    cross-origin-opener-policy: unsafe-none;report-to="coop_report"
                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                    Expires: Sat, 01 Jan 2000 00:00:00 GMT
                                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                                    2024-03-10 16:31:21 UTC1768INData Raw: 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 3a 20 66 72 61 6d 65 2d 61 6e 63 65 73 74 6f 72 73 20 27 73 65 6c 66 27 3b 0d 0a 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 73 65 6c 66 27 20 64 61 74 61 3a 20 62 6c 6f 62 3a 3b 73 63 72 69 70 74 2d 73 72 63 20 27 73 65 6c 66 27 20 64 61 74 61 3a 20 62 6c 6f 62 3a 20 27 75 6e 73 61 66 65 2d 65 76 61 6c 27 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 77 68 61 74 73 61 70 70 2e 6e 65 74 20 68 74 74 70 73 3a 2f 2f 6d 61 70 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 79 6f 75 74 75 62 65 2e 63 6f 6d 3b 73 74 79 6c 65 2d 73 72 63
                                                                                                                                                                                                    Data Ascii: content-security-policy: frame-ancestors 'self';content-security-policy: default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src
                                                                                                                                                                                                    2024-03-10 16:31:21 UTC1500INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 20 64 69 72 3d 22 6c 74 72 22 20 6c 6f 63 3d 22 65 6e 2d 47 42 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 57 68 61 74 73 41 70 70 20 57 65 62 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 67 6f 6f 67 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 6e
                                                                                                                                                                                                    Data Ascii: <!DOCTYPE html><html class="no-js" dir="ltr" loc="en-GB"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"><title>WhatsApp Web</title><meta name="viewport" content="width=device-width"><meta name="google" content="n
                                                                                                                                                                                                    2024-03-10 16:31:21 UTC1500INData Raw: 37 2c 20 32 33 39 2c 20 30 2e 38 38 29 3b 2d 2d 73 65 63 6f 6e 64 61 72 79 2d 6c 69 67 68 74 65 72 3a 23 36 36 37 37 38 31 3b 2d 2d 70 72 6f 67 72 65 73 73 2d 70 72 69 6d 61 72 79 3a 23 30 62 38 34 36 64 3b 2d 2d 70 72 6f 67 72 65 73 73 2d 62 61 63 6b 67 72 6f 75 6e 64 3a 23 32 33 33 31 33 38 7d 23 61 70 70 2c 62 6f 64 79 2c 68 74 6d 6c 7b 77 69 64 74 68 3a 31 30 30 25 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 23 61 70 70 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 30 3b 6c 65 66 74 3a 30 7d 23 69 6e 69 74 69 61 6c 5f 73 74 61 72 74 75 70 7b 70 6f 73 69 74 69 6f 6e 3a 66 69 78 65 64 3b 74 6f 70 3a 30 3b 6c 65 66 74 3a 30 3b 64 69
                                                                                                                                                                                                    Data Ascii: 7, 239, 0.88);--secondary-lighter:#667781;--progress-primary:#0b846d;--progress-background:#233138}#app,body,html{width:100%;height:100%;padding:0;margin:0;overflow:hidden}#app{position:absolute;top:0;left:0}#initial_startup{position:fixed;top:0;left:0;di
                                                                                                                                                                                                    2024-03-10 16:31:21 UTC1500INData Raw: 31 32 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 73 65 63 6f 6e 64 61 72 79 2d 6c 69 67 68 74 65 72 29 7d 23 69 6e 69 74 69 61 6c 5f 73 74 61 72 74 75 70 20 2e 73 65 63 6f 6e 64 61 72 79 20 73 70 61 6e 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 32 70 78 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 7d 70 72 6f 67 72 65 73 73 7b 2d 77 65 62 6b 69 74 2d 61 70 70 65 61 72 61 6e 63 65 3a 6e 6f 6e 65 3b 61 70 70 65 61 72 61 6e 63 65 3a 6e 6f 6e 65 3b 77 69 64 74 68 3a 31 30 30 25 3b 68 65 69 67 68 74 3a 33 70 78 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 70 72 6f 67 72 65 73 73 2d 70 72 69 6d 61 72 79 29 3b
                                                                                                                                                                                                    Data Ascii: 12px;font-size:14px;color:var(--secondary-lighter)}#initial_startup .secondary span{display:inline-block;margin-bottom:2px;vertical-align:middle}progress{-webkit-appearance:none;appearance:none;width:100%;height:3px;margin:0;color:var(--progress-primary);
                                                                                                                                                                                                    2024-03-10 16:31:21 UTC1500INData Raw: 2d 34 2e 34 2d 32 2e 31 2d 2e 36 2d 2e 32 2d 31 2d 2e 34 2d 31 2e 34 2e 33 6c 2d 32 20 32 2e 35 63 2d 2e 34 2e 34 2d 2e 38 2e 35 2d 31 2e 35 2e 32 2d 2e 36 2d 2e 33 2d 32 2e 37 2d 31 2d 35 2e 31 2d 33 2e 32 2d 32 2d 31 2e 37 2d 33 2e 32 2d 33 2e 38 2d 33 2e 36 2d 34 2e 35 2d 2e 34 2d 2e 36 20 30 2d 31 20 2e 33 2d 31 2e 33 6c 31 2d 31 2e 31 2e 36 2d 31 2e 31 63 2e 32 2d 2e 34 20 30 2d 2e 38 20 30 2d 31 2e 31 6c 2d 32 2d 34 2e 38 63 2d 2e 36 2d 31 2e 33 2d 31 2e 31 2d 31 2d 31 2e 35 2d 31 2e 31 68 2d 31 2e 32 63 2d 2e 35 20 30 2d 31 2e 32 2e 31 2d 31 2e 38 2e 38 2d 2e 35 2e 36 2d 32 2e 32 20 32 2e 32 2d 32 2e 32 20 35 2e 33 20 30 20 33 2e 32 20 32 2e 33 20 36 2e 33 20 32 2e 36 20 36 2e 37 2e 33 2e 34 20 34 2e 36 20 37 20 31 31 20 39 2e 37 6c 33 2e 37 20 31
                                                                                                                                                                                                    Data Ascii: -4.4-2.1-.6-.2-1-.4-1.4.3l-2 2.5c-.4.4-.8.5-1.5.2-.6-.3-2.7-1-5.1-3.2-2-1.7-3.2-3.8-3.6-4.5-.4-.6 0-1 .3-1.3l1-1.1.6-1.1c.2-.4 0-.8 0-1.1l-2-4.8c-.6-1.3-1.1-1-1.5-1.1h-1.2c-.5 0-1.2.1-1.8.8-.5.6-2.2 2.2-2.2 5.3 0 3.2 2.3 6.3 2.6 6.7.3.4 4.6 7 11 9.7l3.7 1
                                                                                                                                                                                                    2024-03-10 16:31:21 UTC1500INData Raw: 38 35 32 34 62 30 31 22 3e 2f 2a 21 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32 30 32 34 20 57 68 61 74 73 41 70 70 20 49 6e 63 2e 20 41 6c 6c 20 52 69 67 68 74 73 20 52 65 73 65 72 76 65 64 2e 20 2a 2f 0a 28 73 65 6c 66 2e 77 65 62 70 61 63 6b 43 68 75 6e 6b 77 68 61 74 73 61 70 70 5f 77 65 62 5f 63 6c 69 65 6e 74 3d 73 65 6c 66 2e 77 65 62 70 61 63 6b 43 68 75 6e 6b 77 68 61 74 73 61 70 70 5f 77 65 62 5f 63 6c 69 65 6e 74 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 35 36 31 37 5d 2c 7b 33 30 37 39 31 34 3a 65 3d 3e 7b 65 2e 65 78 70 6f 72 74 73 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 26 26 65 2e 5f 5f 65 73 4d 6f 64 75 6c 65 3f 65 3a 7b 64 65 66 61 75 6c 74 3a 65 7d 7d 7d 2c 35 39 35 33 31 38 3a 65 3d 3e 7b 65 2e 65 78 70 6f 72 74
                                                                                                                                                                                                    Data Ascii: 8524b01">/*! Copyright (c) 2024 WhatsApp Inc. All Rights Reserved. */(self.webpackChunkwhatsapp_web_client=self.webpackChunkwhatsapp_web_client||[]).push([[5617],{307914:e=>{e.exports=function(e){return e&&e.__esModule?e:{default:e}}},595318:e=>{e.export
                                                                                                                                                                                                    2024-03-10 16:31:21 UTC1500INData Raw: 72 73 69 6f 6e 3a 72 2c 62 72 6f 77 73 65 72 3a 6e 2c 64 65 76 69 63 65 3a 6f 7d 3d 65 3b 72 65 74 75 72 6e 20 74 3d 22 57 65 62 2f 22 2b 6e 2c 60 57 68 61 74 73 41 70 70 2f 24 7b 72 7d 20 24 7b 74 7d 20 44 65 76 69 63 65 2f 24 7b 6f 7d 60 7d 2c 6e 28 72 28 34 37 32 35 31 34 29 29 2c 6e 28 72 28 35 35 36 38 36 39 29 29 7d 2c 37 39 34 38 35 38 3a 28 65 2c 74 2c 72 29 3d 3e 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 6e 3d 72 28 35 39 35 33 31 38 29 2c 6f 3d 6e 28 72 28 36 37 30 39 38 33 29 29 2c 61 3d 72 28 35 30 38 32 34 37 29 2c 73 3d 72 28 32 35 30 34 37 33 29 2c 63 3d 72 28 32 30 37 30 32 34 29 2c 5f 3d 6e 28 72 28 31 37 34 32 38 35 29 29 2c 75 3d 72 28 34 32 35 30 31 37 29 3b 66 75 6e 63 74 69 6f 6e 20 69 28 65 29 7b 21 66 75 6e 63 74 69 6f
                                                                                                                                                                                                    Data Ascii: rsion:r,browser:n,device:o}=e;return t="Web/"+n,`WhatsApp/${r} ${t} Device/${o}`},n(r(472514)),n(r(556869))},794858:(e,t,r)=>{"use strict";var n=r(595318),o=n(r(670983)),a=r(508247),s=r(250473),c=r(207024),_=n(r(174285)),u=r(425017);function i(e){!functio
                                                                                                                                                                                                    2024-03-10 16:31:21 UTC1500INData Raw: 61 74 20 5b 24 7b 6e 7d 3a 24 7b 72 7d 5d 60 2c 73 74 61 63 6b 3a 22 22 7d 29 29 2c 21 31 29 7d 29 3b 63 6f 6e 73 74 20 64 3d 7b 55 4e 4b 4e 4f 57 4e 5f 49 44 3a 61 2e 55 4e 4b 4e 4f 57 4e 5f 49 44 7d 2c 66 3d 22 4d 6f 7a 69 6c 6c 61 2f 35 2e 30 20 28 4d 61 63 69 6e 74 6f 73 68 3b 20 49 6e 74 65 6c 20 4d 61 63 20 4f 53 20 58 20 31 30 5f 31 30 5f 31 29 20 41 70 70 6c 65 57 65 62 4b 69 74 2f 35 33 37 2e 33 36 20 28 4b 48 54 4d 4c 2c 20 6c 69 6b 65 20 47 65 63 6b 6f 29 20 43 68 72 6f 6d 65 2f 36 30 2e 30 2e 33 31 31 32 2e 31 31 33 20 53 61 66 61 72 69 2f 35 33 37 2e 33 36 22 3b 6c 65 74 20 70 7d 2c 34 32 35 30 31 37 3a 28 65 2c 74 29 3d 3e 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 66 75 6e 63 74 69 6f 6e 20 72 28 65 29 7b 72 65 74 75 72 6e 20 65 2e 69 6e 63
                                                                                                                                                                                                    Data Ascii: at [${n}:${r}]`,stack:""})),!1)});const d={UNKNOWN_ID:a.UNKNOWN_ID},f="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36";let p},425017:(e,t)=>{"use strict";function r(e){return e.inc
                                                                                                                                                                                                    2024-03-10 16:31:21 UTC1200INData Raw: 5f 4f 52 49 47 49 4e 3d 22 68 74 74 70 73 3a 2f 2f 77 65 62 2e 77 68 61 74 73 61 70 70 2e 63 6f 6d 2f 22 2c 74 2e 57 53 5f 4f 52 49 47 49 4e 3d 22 22 2c 74 2e 46 4c 42 5f 50 4c 41 54 46 4f 52 4d 3d 22 77 65 62 22 2c 74 2e 46 42 5f 41 50 50 5f 49 44 3d 22 22 2c 74 2e 55 4e 4b 4e 4f 57 4e 5f 49 44 3d 22 57 41 55 6e 6b 6e 6f 77 6e 49 44 22 2c 74 2e 42 55 49 4c 44 5f 49 44 3d 22 35 37 33 31 30 37 35 39 39 22 2c 74 2e 42 55 49 4c 44 5f 54 49 4d 45 53 54 41 4d 50 3d 22 4d 61 72 63 68 20 34 2c 20 32 30 32 34 22 2c 74 2e 57 45 42 5f 50 55 42 4c 49 43 5f 50 41 54 48 3d 22 2f 22 2c 74 2e 42 55 49 4c 44 5f 55 52 4c 3d 22 68 74 74 70 73 3a 2f 2f 77 65 62 2e 77 68 61 74 73 61 70 70 2e 63 6f 6d 2f 22 2c 74 2e 55 53 45 52 5f 54 49 4d 49 4e 47 53 3d 21 31 7d 2c 34 37 32
                                                                                                                                                                                                    Data Ascii: _ORIGIN="https://web.whatsapp.com/",t.WS_ORIGIN="",t.FLB_PLATFORM="web",t.FB_APP_ID="",t.UNKNOWN_ID="WAUnknownID",t.BUILD_ID="573107599",t.BUILD_TIMESTAMP="March 4, 2024",t.WEB_PUBLIC_PATH="/",t.BUILD_URL="https://web.whatsapp.com/",t.USER_TIMINGS=!1},472


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    1192.168.2.44974531.13.65.494435724C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    2024-03-10 16:31:23 UTC640OUTGET /stylex-176c9103de3ad9ce77b1b6511982bf5d.css HTTP/1.1
                                                                                                                                                                                                    Host: web.whatsapp.com
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"
                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                    Accept: text/css,*/*;q=0.1
                                                                                                                                                                                                    Sec-Fetch-Site: same-origin
                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                    Sec-Fetch-Dest: style
                                                                                                                                                                                                    Referer: https://web.whatsapp.com/
                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                    Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                    2024-03-10 16:31:23 UTC1983INHTTP/1.1 200 OK
                                                                                                                                                                                                    Content-Type: text/css;charset=utf-8
                                                                                                                                                                                                    Vary: Accept-Encoding, Referer
                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                    reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"
                                                                                                                                                                                                    report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}
                                                                                                                                                                                                    document-policy: force-load-at-top
                                                                                                                                                                                                    permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
                                                                                                                                                                                                    cross-origin-resource-policy: cross-origin
                                                                                                                                                                                                    cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
                                                                                                                                                                                                    cross-origin-opener-policy: unsafe-none;report-to="coop_report"
                                                                                                                                                                                                    Pragma: public
                                                                                                                                                                                                    Cache-Control: max-age=31449600
                                                                                                                                                                                                    Expires: Sun, 09 Mar 2025 16:31:23 +0000
                                                                                                                                                                                                    X-Content-Type-Options: nosniff
                                                                                                                                                                                                    X-XSS-Protection: 0
                                                                                                                                                                                                    2024-03-10 16:31:23 UTC1768INData Raw: 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 3a 20 66 72 61 6d 65 2d 61 6e 63 65 73 74 6f 72 73 20 27 73 65 6c 66 27 3b 0d 0a 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 73 65 6c 66 27 20 64 61 74 61 3a 20 62 6c 6f 62 3a 3b 73 63 72 69 70 74 2d 73 72 63 20 27 73 65 6c 66 27 20 64 61 74 61 3a 20 62 6c 6f 62 3a 20 27 75 6e 73 61 66 65 2d 65 76 61 6c 27 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 77 68 61 74 73 61 70 70 2e 6e 65 74 20 68 74 74 70 73 3a 2f 2f 6d 61 70 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 79 6f 75 74 75 62 65 2e 63 6f 6d 3b 73 74 79 6c 65 2d 73 72 63
                                                                                                                                                                                                    Data Ascii: content-security-policy: frame-ancestors 'self';content-security-policy: default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src
                                                                                                                                                                                                    2024-03-10 16:31:23 UTC1500INData Raw: 2e 61 31 6d 39 71 7a 6a 61 7b 66 6c 65 78 3a 31 7d 0a 2e 61 6a 61 30 78 33 35 30 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 0a 2e 61 6a 75 7a 67 6f 73 70 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 58 28 35 30 25 29 7d 0a 2e 61 6d 78 72 72 61 79 69 7b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 2e 39 37 29 7d 0a 2e 61 6f 6c 61 6e 38 76 78 7b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 2e 39 34 29 7d 0a 2e 62 34 61 37 38 72 65 34 7b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 31 33 35 64 65 67 29 7d 0a 2e 62 34 78 6d 38 72 6a 68 7b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 31 29 7d 0a 2e 62 35 62 71 6e 75 39 32 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 59 28 2d 32 34 30 25 29 7d
                                                                                                                                                                                                    Data Ascii: .a1m9qzja{flex:1}.aja0x350{text-decoration:none}.ajuzgosp{transform:translateX(50%)}.amxrrayi{transform:scale(.97)}.aolan8vx{transform:scale(.94)}.b4a78re4{transform:rotate(135deg)}.b4xm8rjh{transform:scale(1)}.b5bqnu92{transform:translateY(-240%)}
                                                                                                                                                                                                    2024-03-10 16:31:23 UTC1500INData Raw: 31 29 7d 0a 2e 67 6b 36 69 67 72 77 64 7b 6f 75 74 6c 69 6e 65 3a 6e 6f 6e 65 7d 0a 2e 67 71 6f 6e 6f 63 6d 6e 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 59 28 2d 31 32 30 25 29 7d 0a 2e 67 76 37 34 7a 78 79 73 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 58 28 31 2e 36 31 70 78 29 7d 0a 2e 68 61 69 67 74 32 74 63 7b 74 72 61 6e 73 69 74 69 6f 6e 3a 6f 70 61 63 69 74 79 20 2e 33 73 20 65 61 73 65 7d 0a 2e 68 64 61 31 72 30 6c 30 7b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 2e 38 32 29 7d 0a 2e 68 66 65 72 32 38 68 67 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 28 30 2c 2d 33 70 78 29 20 73 63 61 6c 65 28 2e 37 35 29 7d 0a 2e 68 68 67 72 70 73 78 30 7b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28
                                                                                                                                                                                                    Data Ascii: 1)}.gk6igrwd{outline:none}.gqonocmn{transform:translateY(-120%)}.gv74zxys{transform:translateX(1.61px)}.haigt2tc{transition:opacity .3s ease}.hda1r0l0{transform:scale(.82)}.hfer28hg{transform:translate(0,-3px) scale(.75)}.hhgrpsx0{transform:rotate(
                                                                                                                                                                                                    2024-03-10 16:31:23 UTC1500INData Raw: 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 58 28 2e 39 39 35 70 78 29 7d 0a 2e 6f 37 7a 39 62 32 6a 67 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 58 28 2d 31 30 30 25 29 7d 0a 2e 6f 62 6e 37 6a 76 6e 6b 7b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 28 30 2c 2d 32 70 78 29 20 73 63 61 6c 65 28 2e 38 35 29 7d 0a 2e 6f 64 6b 76 62 64 6f 31 7b 74 72 61 6e 73 69 74 69 6f 6e 3a 74 72 61 6e 73 66 6f 72 6d 20 2e 32 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 34 2c 30 2c 2e 32 2c 31 29 2c 6f 70 61 63 69 74 79 20 2e 32 73 20 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 34 2c 30 2c 2e 32 2c 31 29 7d 0a 2e 6f 66 30 75 76 7a 31 63 7b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 2e 38 37 29 7d 0a 2e 6f 6e 6b 72 6b 32 66 74
                                                                                                                                                                                                    Data Ascii: ransform:translateX(.995px)}.o7z9b2jg{transform:translateX(-100%)}.obn7jvnk{transform:translate(0,-2px) scale(.85)}.odkvbdo1{transition:transform .2s cubic-bezier(.4,0,.2,1),opacity .2s cubic-bezier(.4,0,.2,1)}.of0uvz1c{transform:scale(.87)}.onkrk2ft
                                                                                                                                                                                                    2024-03-10 16:31:23 UTC1500INData Raw: 66 7d 0a 68 74 6d 6c 3a 6e 6f 74 28 5b 64 69 72 3d 27 72 74 6c 27 5d 29 20 2e 61 36 68 64 6e 37 33 71 7b 62 6f 72 64 65 72 2d 72 69 67 68 74 3a 73 6f 6c 69 64 20 72 67 62 61 28 38 32 2c 32 34 38 2c 32 34 2c 31 29 7d 0a 68 74 6d 6c 5b 64 69 72 3d 27 72 74 6c 27 5d 20 2e 61 36 68 64 6e 37 33 71 7b 62 6f 72 64 65 72 2d 6c 65 66 74 3a 73 6f 6c 69 64 20 72 67 62 61 28 38 32 2c 32 34 38 2c 32 34 2c 31 29 7d 0a 68 74 6d 6c 3a 6e 6f 74 28 5b 64 69 72 3d 27 72 74 6c 27 5d 29 20 2e 61 66 37 64 34 35 35 66 7b 62 6f 72 64 65 72 2d 6c 65 66 74 3a 32 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 76 61 72 28 2d 2d 69 6e 76 65 72 73 65 2d 72 67 62 29 2c 2e 31 29 7d 0a 68 74 6d 6c 5b 64 69 72 3d 27 72 74 6c 27 5d 20 2e 61 66 37 64 34 35 35 66 7b 62 6f 72 64 65 72 2d 72 69 67
                                                                                                                                                                                                    Data Ascii: f}html:not([dir='rtl']) .a6hdn73q{border-right:solid rgba(82,248,24,1)}html[dir='rtl'] .a6hdn73q{border-left:solid rgba(82,248,24,1)}html:not([dir='rtl']) .af7d455f{border-left:2px solid rgba(var(--inverse-rgb),.1)}html[dir='rtl'] .af7d455f{border-rig
                                                                                                                                                                                                    2024-03-10 16:31:23 UTC900INData Raw: 6d 3a 34 70 78 20 73 6f 6c 69 64 20 76 61 72 28 2d 2d 77 61 6c 6c 70 61 70 65 72 2d 74 68 75 6d 62 2d 62 6f 72 64 65 72 2d 61 63 74 69 76 65 29 7d 0a 68 74 6d 6c 3a 6e 6f 74 28 5b 64 69 72 3d 27 72 74 6c 27 5d 29 20 2e 62 6d 72 6f 36 70 6b 61 7b 62 6f 72 64 65 72 2d 6c 65 66 74 3a 31 70 78 20 73 6f 6c 69 64 20 76 61 72 28 2d 2d 69 63 6f 6e 2d 64 69 73 61 62 6c 65 64 29 7d 0a 68 74 6d 6c 5b 64 69 72 3d 27 72 74 6c 27 5d 20 2e 62 6d 72 6f 36 70 6b 61 7b 62 6f 72 64 65 72 2d 72 69 67 68 74 3a 31 70 78 20 73 6f 6c 69 64 20 76 61 72 28 2d 2d 69 63 6f 6e 2d 64 69 73 61 62 6c 65 64 29 7d 0a 2e 62 74 73 71 74 78 79 63 7b 62 6f 72 64 65 72 2d 74 6f 70 3a 31 70 78 20 73 6f 6c 69 64 20 76 61 72 28 2d 2d 69 6e 76 65 72 73 65 29 7d 0a 68 74 6d 6c 3a 6e 6f 74 28 5b 64
                                                                                                                                                                                                    Data Ascii: m:4px solid var(--wallpaper-thumb-border-active)}html:not([dir='rtl']) .bmro6pka{border-left:1px solid var(--icon-disabled)}html[dir='rtl'] .bmro6pka{border-right:1px solid var(--icon-disabled)}.btsqtxyc{border-top:1px solid var(--inverse)}html:not([d
                                                                                                                                                                                                    2024-03-10 16:31:23 UTC1500INData Raw: 77 64 73 2d 63 6f 6f 6c 2d 67 72 61 79 2d 31 30 30 29 7d 0a 68 74 6d 6c 3a 6e 6f 74 28 5b 64 69 72 3d 27 72 74 6c 27 5d 29 20 2e 63 79 68 68 76 71 66 30 7b 62 6f 72 64 65 72 2d 72 69 67 68 74 3a 31 70 78 20 73 6f 6c 69 64 20 76 61 72 28 2d 2d 63 6f 6e 76 65 72 73 61 74 69 6f 6e 2d 68 65 61 64 65 72 2d 62 6f 72 64 65 72 29 7d 0a 68 74 6d 6c 5b 64 69 72 3d 27 72 74 6c 27 5d 20 2e 63 79 68 68 76 71 66 30 7b 62 6f 72 64 65 72 2d 6c 65 66 74 3a 31 70 78 20 73 6f 6c 69 64 20 76 61 72 28 2d 2d 63 6f 6e 76 65 72 73 61 74 69 6f 6e 2d 68 65 61 64 65 72 2d 62 6f 72 64 65 72 29 7d 0a 2e 64 32 37 6b 72 32 72 74 7b 62 6f 72 64 65 72 2d 74 6f 70 3a 75 6e 73 65 74 7d 0a 2e 64 33 31 31 65 71 66 78 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20
                                                                                                                                                                                                    Data Ascii: wds-cool-gray-100)}html:not([dir='rtl']) .cyhhvqf0{border-right:1px solid var(--conversation-header-border)}html[dir='rtl'] .cyhhvqf0{border-left:1px solid var(--conversation-header-border)}.d27kr2rt{border-top:unset}.d311eqfx{border-bottom:1px solid
                                                                                                                                                                                                    2024-03-10 16:31:23 UTC1500INData Raw: 61 72 28 2d 2d 6d 6f 64 61 6c 2d 62 61 63 6b 67 72 6f 75 6e 64 29 7d 0a 68 74 6d 6c 3a 6e 6f 74 28 5b 64 69 72 3d 27 72 74 6c 27 5d 29 20 2e 65 74 61 35 61 79 6d 31 7b 62 6f 72 64 65 72 2d 72 69 67 68 74 3a 30 7d 0a 68 74 6d 6c 5b 64 69 72 3d 27 72 74 6c 27 5d 20 2e 65 74 61 35 61 79 6d 31 7b 62 6f 72 64 65 72 2d 6c 65 66 74 3a 30 7d 0a 68 74 6d 6c 3a 6e 6f 74 28 5b 64 69 72 3d 27 72 74 6c 27 5d 29 20 2e 65 76 71 33 6d 72 6e 76 7b 62 6f 72 64 65 72 2d 72 69 67 68 74 3a 31 70 78 20 73 6f 6c 69 64 20 76 61 72 28 2d 2d 62 6f 72 64 65 72 2d 64 65 66 61 75 6c 74 29 7d 0a 68 74 6d 6c 5b 64 69 72 3d 27 72 74 6c 27 5d 20 2e 65 76 71 33 6d 72 6e 76 7b 62 6f 72 64 65 72 2d 6c 65 66 74 3a 31 70 78 20 73 6f 6c 69 64 20 76 61 72 28 2d 2d 62 6f 72 64 65 72 2d 64 65 66
                                                                                                                                                                                                    Data Ascii: ar(--modal-background)}html:not([dir='rtl']) .eta5aym1{border-right:0}html[dir='rtl'] .eta5aym1{border-left:0}html:not([dir='rtl']) .evq3mrnv{border-right:1px solid var(--border-default)}html[dir='rtl'] .evq3mrnv{border-left:1px solid var(--border-def
                                                                                                                                                                                                    2024-03-10 16:31:23 UTC1500INData Raw: 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 20 76 61 72 28 2d 2d 6d 6f 64 61 6c 2d 62 61 63 6b 67 72 6f 75 6e 64 29 7d 0a 2e 67 38 30 77 65 77 62 65 7b 62 6f 72 64 65 72 2d 74 6f 70 3a 32 70 78 20 73 6f 6c 69 64 20 76 61 72 28 2d 2d 73 65 63 6f 6e 64 61 72 79 2d 6c 69 67 68 74 29 7d 0a 68 74 6d 6c 3a 6e 6f 74 28 5b 64 69 72 3d 27 72 74 6c 27 5d 29 20 2e 67 39 65 62 66 39 79 70 7b 62 6f 72 64 65 72 2d 6c 65 66 74 3a 75 6e 73 65 74 7d 0a 68 74 6d 6c 5b 64 69 72 3d 27 72 74 6c 27 5d 20 2e 67 39 65 62 66 39 79 70 7b 62 6f 72 64 65 72 2d 72 69 67 68 74 3a 75 6e 73 65 74 7d 0a 2e 67 62 36 69 61 37 78 61 7b 62 6f 72 64 65 72 2d 74 6f 70 3a 31 70 78 20 73 6f 6c 69 64 7d 0a 2e 67 62 6b 35 39 61 39 39 7b 62 6f 72 64 65 72 2d 74 6f 70 3a
                                                                                                                                                                                                    Data Ascii: {border-bottom:2px solid var(--modal-background)}.g80wewbe{border-top:2px solid var(--secondary-light)}html:not([dir='rtl']) .g9ebf9yp{border-left:unset}html[dir='rtl'] .g9ebf9yp{border-right:unset}.gb6ia7xa{border-top:1px solid}.gbk59a99{border-top:
                                                                                                                                                                                                    2024-03-10 16:31:23 UTC1500INData Raw: 62 6f 72 64 65 72 2d 73 74 72 6f 6e 67 65 72 29 7d 0a 2e 69 36 67 62 69 6d 75 36 7b 62 6f 72 64 65 72 2d 74 6f 70 3a 33 70 78 20 73 6f 6c 69 64 20 76 61 72 28 2d 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 64 65 66 61 75 6c 74 29 7d 0a 68 74 6d 6c 3a 6e 6f 74 28 5b 64 69 72 3d 27 72 74 6c 27 5d 29 20 2e 69 6b 6b 6f 79 6e 68 63 7b 62 6f 72 64 65 72 2d 6c 65 66 74 3a 35 70 78 20 64 61 73 68 65 64 20 76 61 72 28 2d 2d 61 74 74 61 63 68 2d 6d 65 64 69 61 2d 64 72 6f 70 2d 62 6f 72 64 65 72 29 7d 0a 68 74 6d 6c 5b 64 69 72 3d 27 72 74 6c 27 5d 20 2e 69 6b 6b 6f 79 6e 68 63 7b 62 6f 72 64 65 72 2d 72 69 67 68 74 3a 35 70 78 20 64 61 73 68 65 64 20 76 61 72 28 2d 2d 61 74 74 61 63 68 2d 6d 65 64 69 61 2d 64 72 6f 70 2d 62 6f 72 64 65 72 29 7d 0a 2e 69 6d 34 34 38 77 33
                                                                                                                                                                                                    Data Ascii: border-stronger)}.i6gbimu6{border-top:3px solid var(--background-default)}html:not([dir='rtl']) .ikkoynhc{border-left:5px dashed var(--attach-media-drop-border)}html[dir='rtl'] .ikkoynhc{border-right:5px dashed var(--attach-media-drop-border)}.im448w3


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    2192.168.2.449751172.64.41.34435724C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    2024-03-10 16:31:24 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                                                                                                                                    Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    Content-Length: 128
                                                                                                                                                                                                    Accept: application/dns-message
                                                                                                                                                                                                    Accept-Language: *
                                                                                                                                                                                                    User-Agent: Chrome
                                                                                                                                                                                                    Accept-Encoding: identity
                                                                                                                                                                                                    Content-Type: application/dns-message
                                                                                                                                                                                                    2024-03-10 16:31:24 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                    Data Ascii: wwwgstaticcom)TP
                                                                                                                                                                                                    2024-03-10 16:31:24 UTC247INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: cloudflare
                                                                                                                                                                                                    Date: Sun, 10 Mar 2024 16:31:24 GMT
                                                                                                                                                                                                    Content-Type: application/dns-message
                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                                                                                    Content-Length: 468
                                                                                                                                                                                                    CF-RAY: 8624b1e46c8c0a01-LAS
                                                                                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                    2024-03-10 16:31:24 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 e4 00 04 8e fb 02 5e 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                    Data Ascii: wwwgstaticcom^)


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    3192.168.2.449752162.159.61.34435724C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    2024-03-10 16:31:24 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                                                                                                                                    Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    Content-Length: 128
                                                                                                                                                                                                    Accept: application/dns-message
                                                                                                                                                                                                    Accept-Language: *
                                                                                                                                                                                                    User-Agent: Chrome
                                                                                                                                                                                                    Accept-Encoding: identity
                                                                                                                                                                                                    Content-Type: application/dns-message
                                                                                                                                                                                                    2024-03-10 16:31:24 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                    Data Ascii: wwwgstaticcom)TP
                                                                                                                                                                                                    2024-03-10 16:31:24 UTC247INHTTP/1.1 200 OK
                                                                                                                                                                                                    Server: cloudflare
                                                                                                                                                                                                    Date: Sun, 10 Mar 2024 16:31:24 GMT
                                                                                                                                                                                                    Content-Type: application/dns-message
                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                                                                                    Content-Length: 468
                                                                                                                                                                                                    CF-RAY: 8624b1e46c6409ef-LAS
                                                                                                                                                                                                    alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                    2024-03-10 16:31:24 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 01 16 00 04 8e fb 02 5e 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                    Data Ascii: wwwgstaticcom^)


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    4192.168.2.44975820.118.82.1674435724C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    2024-03-10 16:31:28 UTC734OUTPOST /api/browser/edge/data/toptraffic/3 HTTP/1.1
                                                                                                                                                                                                    Host: data-edge.smartscreen.microsoft.com
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    Content-Length: 754
                                                                                                                                                                                                    Accept: application/octet-stream;application/x-patch-bsdiff;
                                                                                                                                                                                                    Authorization: SmartScreenHash eyJhdXRoSWQiOiJjMmU0ZjljYS1lZjYwLTQyY2EtOTAyZi1mNzgwZTFmMTk2YTciLCAia2V5IjoiZVBGM3g4bUZHakJPTU9JNXhHWkQwUT09IiwgImhhc2giOiJ5V21Ib0VjdVRITT0ifQ==
                                                                                                                                                                                                    Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                    If-None-Match: "170540185939602997400506234197983529371"
                                                                                                                                                                                                    Sec-Fetch-Site: none
                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                    2024-03-10 16:31:28 UTC754OUTData Raw: 7b 22 69 64 65 6e 74 69 74 79 22 3a 7b 22 75 73 65 72 22 3a 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 7d 2c 22 64 65 76 69 63 65 22 3a 7b 22 69 64 22 3a 6e 75 6c 6c 2c 22 63 75 73 74 6f 6d 49 64 22 3a 6e 75 6c 6c 2c 22 6f 6e 6c 69 6e 65 49 64 54 69 63 6b 65 74 22 3a 6e 75 6c 6c 2c 22 66 61 6d 69 6c 79 22 3a 33 2c 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 2c 22 6f 73 56 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 39 30 34 35 2e 32 30 30 36 2e 76 62 5f 72 65 6c 65 61 73 65 22 2c 22 62 72 6f 77 73 65 72 22 3a 7b 22 69 6e 74 65 72 6e 65 74 5f 65 78 70 6c 6f 72 65 72 22 3a 22 39 2e 31 31 2e 31 39 30 34 31 2e 30 22 7d 2c 22 6e 65 74 4a 6f 69 6e 53 74 61 74 75 73 22 3a 32 2c 22 65 6e 74 65 72 70 72 69 73 65 22 3a 7b 7d 2c 22 63 6c 6f 75 64 53 6b
                                                                                                                                                                                                    Data Ascii: {"identity":{"user":{"locale":"en-GB"},"device":{"id":null,"customId":null,"onlineIdTicket":null,"family":3,"locale":"en-GB","osVersion":"10.0.19045.2006.vb_release","browser":{"internet_explorer":"9.11.19041.0"},"netJoinStatus":2,"enterprise":{},"cloudSk
                                                                                                                                                                                                    2024-03-10 16:31:28 UTC252INHTTP/1.1 200 OK
                                                                                                                                                                                                    Date: Sun, 10 Mar 2024 16:31:28 GMT
                                                                                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                                                                                    Content-Length: 460992
                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                    Server: Kestrel
                                                                                                                                                                                                    ETag: "638004170464094982"
                                                                                                                                                                                                    Request-Context: appId=cid-v1:68ed2408-46f3-4e32-b9aa-2544a61aa301
                                                                                                                                                                                                    2024-03-10 16:31:28 UTC16132INData Raw: 00 01 b7 32 6c 49 bd 35 18 3c 43 00 3b d3 7b 9a 00 08 16 f5 5f 2b 6a 45 e7 a6 60 9a c2 7d 9c 16 00 0c 2d 9e cc 04 23 e9 41 f4 82 16 a9 4b 52 db 00 0c 6c e3 4d 30 2c 73 87 bc fb 29 94 39 d4 c2 00 0c b4 d9 e2 eb e5 8f d8 b5 78 ca fa c6 82 9e 00 0c da 46 f1 62 1d cd 1e ab c5 cd 6a 55 ed dc 00 0e 79 d2 8a 68 27 a0 d5 e5 e5 89 bf 4c 3c 1f 00 12 2a 1f c4 5a 99 f8 2a 25 e9 2a 92 1a f6 5f 00 14 b2 67 12 34 79 75 12 bc d6 99 a8 99 1c cc 00 14 c8 bf 10 27 63 3d b9 cd 49 30 99 bf d3 a1 00 17 f8 9d 81 a3 94 71 57 f8 bf 3c 3a 4e ba d2 00 1a 3c bc a6 55 f9 2c 4d 69 94 e9 c9 5f b9 8c 00 1f 17 b3 27 28 0e f5 55 df 39 10 21 05 ce 96 00 1f bc ff bf d8 75 92 d1 13 89 37 0b 86 dc 34 00 20 98 bc 45 61 f8 b8 0d 34 2e 2b fb 37 39 6b 00 21 54 ca 2d 35 57 fb 9f 21 b8 d7 9a 40 2b
                                                                                                                                                                                                    Data Ascii: 2lI5<C;{_+jE`}-#AKRlM0,s)9xFbjUyh'L<*Z*%*_g4yu'c=I0qW<:N<U,Mi_'(U9!u74 Ea4.+79k!T-5W!@+
                                                                                                                                                                                                    2024-03-10 16:31:28 UTC16384INData Raw: b8 6c 65 b5 81 d7 e8 96 a2 f6 fb f5 08 e9 4a 27 41 5a ef 9e 20 88 b1 dd 92 43 f1 c7 08 f6 31 2a b4 6b b0 d0 7b af f2 6e c0 3b 30 49 08 f7 14 46 2e c2 8e a1 9b 56 f6 89 ff 89 a1 a1 08 f8 86 49 94 74 f7 df c7 92 d3 f1 d5 09 db a4 08 f9 bb 85 2c 48 b7 6a b2 fe 9c 06 4c 91 ba af 08 fb 12 e5 67 95 f2 51 95 31 42 c4 14 92 6c 77 08 fb aa 20 c5 0c 96 4a 9a 6f 2e 40 d4 2b fd 90 08 fe aa 92 f9 b3 b3 8f b8 65 27 9b b9 df 14 f7 09 00 34 db 44 0d dd 66 70 53 8f 0b 31 18 8b ba 09 05 38 28 fa 80 5f eb 56 83 46 d1 dd 83 34 b7 09 06 35 0d 42 c1 3f 91 ee 97 ed f4 31 68 37 32 09 08 35 c9 14 24 10 2f b5 80 ac f7 9a 16 e6 e2 09 08 7a 82 38 a3 08 0b 00 2c 62 9c d0 2e d2 c4 09 09 d1 da a7 a8 16 cd 89 e5 ac fe b9 cc 8e 69 09 0e 20 d3 38 58 e2 6b 84 a1 e7 75 97 ad 75 61 09 0e 4d
                                                                                                                                                                                                    Data Ascii: leJ'AZ C1*k{n;0IF.VIt,HjLgQ1Blw Jo.@+e'4DfpS18(_VF45B?1h725$/z8,b.i 8XkuuaM
                                                                                                                                                                                                    2024-03-10 16:31:28 UTC16384INData Raw: 88 ca 0d 74 ff b7 03 d5 0b 17 29 2e 12 86 39 8d 65 51 d1 6b 43 f6 37 a6 5e 4e 7e d5 12 8c a6 4c a1 b4 9a f4 6b 69 49 eb 0d 33 90 eb 12 8f 60 36 ec 98 cd 7f 6a 59 fe c5 d1 d5 4b 38 12 92 da 96 3e 8a fd ee fb c5 ac d0 29 b4 8e 13 12 95 25 87 d8 33 f2 c0 16 e8 0f 63 67 d6 78 d1 12 96 03 01 99 d8 95 ea 2c 0a f8 85 62 05 db 93 12 96 52 aa 59 60 de e6 e9 8c 23 d4 b7 c1 34 3d 12 96 bf ae d0 b9 c2 92 db f1 41 07 61 b1 82 5d 12 97 53 89 b5 7c fd 88 82 19 c7 b1 b0 0f af ed 12 98 30 32 6a a5 03 4e 26 db 95 be 1b a9 a3 e2 12 9a ea fe 35 92 c8 f4 3b 7a 18 36 80 cb 78 bf 12 9b 33 a3 9e d9 7b 54 c8 7b da 3b ed a8 dd 25 12 9b 98 d3 83 cc 49 8e 52 58 13 7e 3f 04 d9 af 12 9c 0d 11 dc 93 65 32 c4 f0 f6 a9 12 25 13 25 12 9c 28 31 10 8a f9 38 40 df 1f 08 9f 08 d4 71 12 9f 71
                                                                                                                                                                                                    Data Ascii: t).9eQkC7^N~LkiI3`6jYK8>)%3cgx,bRY`#4=Aa]S|02jN&5;z6x3{T{;%IRX~?e2%%(18@qq
                                                                                                                                                                                                    2024-03-10 16:31:28 UTC16384INData Raw: 8c e6 1b 88 d1 53 7d a1 f2 bc f6 d3 1b bd 38 be aa 88 bb f2 1c 05 de ac 2c b3 63 c3 1b bf d8 bc e5 a8 4c 42 a1 5e 7d 76 56 07 18 dd 1b c1 05 6e 7a a0 f3 27 8e eb 4f 29 e6 e0 a0 2a 1b c2 a1 45 60 4f 19 d0 fa 94 66 c2 31 56 e0 ac 1b c3 58 61 04 7c 91 76 1b 27 0c 2e 05 4d 26 17 1b c4 0f 81 e0 48 ff 13 e9 e7 fd ae 77 76 47 85 1b c5 d5 9a 68 ef 46 53 52 de 8b 1c 3a 7b 4f 53 1b cc c2 c4 df 4d dc 18 9f 1a a6 aa 47 f5 9f 2e 1b cd 8c 32 11 55 08 6c 9c 2f 0b 09 34 58 ca d2 1b cf 2c 48 15 0b dd b9 a9 cc 90 e8 14 76 e1 c7 1b d1 50 e1 1f 03 b2 ff 0f ab b3 c3 a2 cf c2 1a 1b d6 7a 97 41 b9 a0 2a 37 7b ba 9a 0a 00 47 56 1b da a2 08 31 23 96 3c 24 0a b0 10 2f 5e b6 c3 1b dc 15 6b ce f9 b8 64 db f8 fb 84 2a d6 02 9b 1b dc 58 1e e3 44 3f fb c2 e7 7f 97 d4 41 5f 1c 1b dc 83
                                                                                                                                                                                                    Data Ascii: S}8,cLB^}vVnz'O)*E`Of1VXa|v'.M&HwvGhFSR:{OSMG.2Ul/4X,HvPzA*7{GV1#<$/^kd*XD?A_
                                                                                                                                                                                                    2024-03-10 16:31:28 UTC16384INData Raw: 9c f0 8f 05 68 32 cf 23 af 0f e9 31 25 17 e2 83 8c a0 e0 45 41 22 69 ae 51 16 97 9e 25 19 94 88 65 65 22 da 5c e4 68 67 07 cf 5f 7a 25 1e 6a 2e 6e bf 40 39 a7 91 dd 9f 82 5c b4 be 25 21 01 14 90 ab fe fa c5 d4 0a 62 0b cd 30 e1 25 21 03 7a 48 db 3d 1f b8 bc 66 91 12 c8 41 7f 25 24 00 6f 09 69 7b 22 bc d0 5a 82 9d c8 cb 00 25 24 76 95 60 1f 20 bf 51 8e ef 43 af 74 27 17 25 24 d0 90 ec 4d 35 f3 3b 75 d1 b6 56 62 63 3e 25 25 bd 14 86 f0 f0 dc 12 c9 55 32 f1 85 66 4f 25 25 de ea a2 0c 7b b9 31 02 c3 fc 10 0f 92 23 25 27 0a 2e 12 37 63 79 36 e7 03 6f 4c 1e 67 7e 25 29 ef 20 dd 60 cb e0 1f 91 82 96 c4 38 ef d3 25 2c 0d 19 1e 65 a3 27 9b 58 e2 44 e3 80 93 37 25 2c e2 18 e3 78 51 0e b2 f9 62 26 e5 78 8f 9f 25 36 84 bd bb 8f cc a6 bc 42 a8 bf 22 b0 f1 a9 25 3a 54
                                                                                                                                                                                                    Data Ascii: h2#1%EA"iQ%ee"\hg_z%j.n@9\%!b0%!zH=fA%$oi{"Z%$v` QCt'%$M5;uVbc>%%U2fO%%{1#%'.7cy6oLg~%) `8%,e'XD7%,xQb&x%6B"%:T
                                                                                                                                                                                                    2024-03-10 16:31:28 UTC16384INData Raw: b6 07 8f 44 9d 29 36 4f 29 8a 7d 80 2e 1d 98 b7 c7 17 54 cd a1 2b c2 e9 29 21 98 f9 2e 1f 4a 0d ee 13 3f 5a 00 ff e7 0d f0 d4 1c 86 2e 21 27 d4 ff 4a 83 22 1e 86 3f 93 6b 62 a1 0e 2e 25 e1 37 a1 70 d4 f6 b3 17 bd e9 dd 8d 2a 44 2e 26 32 0d f4 82 4c f6 14 9e 97 92 23 fa 52 37 2e 2a 40 96 f4 4d 34 89 21 f2 49 39 e8 d3 d3 19 2e 2b ef 39 f1 8a 4a 7e 28 b9 d0 be 00 6f 35 68 2e 2e 95 d3 bd e3 e7 a0 d6 d0 25 5e 0d b7 b5 a5 2e 31 ce 53 a9 54 e0 3b 3c 2f fc 4d eb 0f a5 e1 2e 33 1e 46 e8 3a 01 30 91 17 49 f3 33 11 46 79 2e 36 b7 bb 07 e4 6d 92 d5 42 49 d7 e5 49 f4 85 2e 36 e8 96 57 36 97 bb 40 7a 3b ca 8a e0 7e 53 2e 3a 1e f2 97 75 d6 ae 4f f5 85 eb 36 38 65 e5 2e 3a 59 df c9 6e 75 92 ac 40 ac 59 a6 fd e4 1c 2e 3b 8e 5c 94 1d 75 39 54 06 13 6b 6e 7f ef 30 2e 43 e8
                                                                                                                                                                                                    Data Ascii: D)6O)}.T+)!.J?Z.!'J"?kb.%7p*D.&2L#R7.*@M4!I9.+9J~(o5h..%^.1ST;</M.3F:0I3Fy.6mBII.6W6@z;~S.:uO68e.:Ynu@Y.;\u9Tkn0.C
                                                                                                                                                                                                    2024-03-10 16:31:29 UTC16384INData Raw: 02 f3 ca e4 05 cb a0 be 15 69 62 32 37 3c 37 3b db 81 8a b2 df cf ef b1 79 3f f8 ae 37 3d a3 01 e8 95 76 a1 63 78 77 2e 93 42 3d 4f 37 3e c4 08 a5 37 4f 84 43 dc 19 00 a9 8f 2e 0d 37 3f 82 55 cb cd 06 b9 0c 0d 94 f9 4f d6 82 e8 37 44 09 28 b8 33 ef b7 ee 6b 4c 90 ee e0 d1 3a 37 44 83 9a 56 2d 6a 58 ea 6b e5 8f 6a 1d 17 23 37 47 0f 55 f8 2b 1c 30 89 3a 1d e2 21 89 b7 42 37 4b 86 38 d0 cd 9f 96 62 d8 da bf d5 15 ed cb 37 4e 81 34 2b 0e ea ab 6f ae 29 15 59 32 ae 46 37 50 d2 0c 2a e2 ca 59 ec 21 86 70 f9 7a 6c d1 37 55 32 b2 91 f0 e7 b8 47 d0 f7 0f 64 90 d9 51 37 56 ce 44 24 61 58 d7 f8 d4 0d 8b fe 3d b0 27 37 58 1f 24 d2 a5 24 9c d7 5c 5a 71 f9 e9 f2 a3 37 58 9d d0 f0 06 3a 05 be 08 d9 90 bc 18 0d 71 37 5d 04 71 81 05 8e b6 9b 24 f2 54 35 1b 18 46 37 62 eb
                                                                                                                                                                                                    Data Ascii: ib27<7;y?7=vcxw.B=O7>7OC.7?UO7D(3kL:7DV-jXkj#7GU+0:!B7K8b7N4+o)Y2F7P*Y!pzl7U2GdQ7VD$aX='7X$$\Zq7X:q7]q$T5F7b
                                                                                                                                                                                                    2024-03-10 16:31:29 UTC16384INData Raw: 30 9b b9 2f 98 88 40 3b cc 98 d2 59 40 6d c4 d7 67 2a f1 8a f6 d5 d3 92 a9 c6 13 1d 40 71 5f 29 26 14 e2 86 f2 b1 3c d6 fc 07 07 4a 40 77 d4 86 06 be 80 6f b2 fd e4 19 fe 6b 6a 94 40 78 4d f5 b9 67 58 78 83 29 63 04 29 22 98 8d 40 7a 85 3f 10 18 78 19 d3 be 45 8d 0e 49 7b bb 40 7b 5d c5 55 97 e5 9d 35 9d 27 93 51 1d be 21 40 7d 42 88 f1 ca 9d ba 2a 28 3a f8 72 71 ba c7 40 7e 4d cf f4 13 b8 8f f1 9c e6 e4 a8 50 74 d0 40 80 bb 51 db 04 52 b7 b2 f3 5f dc db 6d 4b de 40 88 e2 91 a0 6c 67 8c d2 0b 9f d2 91 ca 6d 22 40 8a b9 d3 6a f9 07 64 05 ea 52 dc 44 82 0b 38 40 8b 54 ce 67 df 8c a3 48 2d 96 f6 ed e4 cf 78 40 8e 78 fd f9 d7 db ac 12 a0 80 27 db 9f 14 42 40 90 00 78 66 ff 66 2b 58 9f 18 13 aa 3d 6e b3 40 90 fa a1 0b 8e ee 2b 73 4b 59 c6 c9 b1 84 9b 40 93 53
                                                                                                                                                                                                    Data Ascii: 0/@;Y@mg*@q_)&<J@wokj@xMgXx)c)"@z?xEI{@{]U5'Q!@}B*(:rq@~MPt@QR_mK@lgm"@jdRD8@TgH-x@x'B@xff+X=n@+sKY@S
                                                                                                                                                                                                    2024-03-10 16:31:29 UTC16384INData Raw: 66 82 7d 26 60 5e 84 ec 72 2a af 39 49 bb 12 c2 0a 6a 68 a1 f1 aa 3c 93 f9 79 13 0e 49 bb 81 dd 8c 7e 5d 19 6b 54 60 33 c1 1e 70 56 49 bc df 84 ed 14 a3 5d 07 06 25 84 6a 95 02 e0 49 bd eb 48 24 83 1e f1 e0 29 fe 9e e6 22 da 07 49 c1 2d 65 e8 79 f6 32 c8 9b 5b 3f 1a a8 9d b9 49 c4 33 af 97 7a e9 a1 ba ed 12 d0 a3 40 1e 42 49 c5 09 f1 9f 2c bb 61 75 14 cf 80 9c 0e 85 9e 49 c8 81 16 cb ae 60 54 25 eb 75 fe e4 b5 16 8c 49 cc 62 7c 10 80 46 f7 71 86 18 7b bd ea 45 5f 49 cd ad e9 e7 ee e9 a2 7e 24 2e 10 93 70 b0 ad 49 d1 bc ac 01 05 b1 9b be b4 f8 4e e6 0c 0d ac 49 d2 4b be 25 0a bd 70 d0 f7 10 c2 d7 38 8b f2 49 d4 c5 71 4c 7f 7a 2a 83 c3 c3 50 d2 c2 4c 3e 49 d5 40 eb ee b7 40 f4 16 fe b4 e7 35 d0 25 e3 49 d6 e7 89 68 04 ba a1 f5 37 3f 51 0a 5e cc 25 49 da b4
                                                                                                                                                                                                    Data Ascii: f}&`^r*9Ijh<yI~]kT`3pVI]%jIH$)"I-ey2[?I3z@BI,auI`T%uIb|Fq{E_I~$.pINIK%p8IqLz*PL>I@@5%Ih7?Q^%I


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    5192.168.2.44976120.118.82.1674435724C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    2024-03-10 16:31:31 UTC723OUTPOST /api/browser/edge/data/bloomfilter/x/3 HTTP/1.1
                                                                                                                                                                                                    Host: data-edge.smartscreen.microsoft.com
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    Content-Length: 754
                                                                                                                                                                                                    Accept: application/octet-stream;application/x-patch-bsdiff;
                                                                                                                                                                                                    Authorization: SmartScreenHash eyJhdXRoSWQiOiJjMmU0ZjljYS1lZjYwLTQyY2EtOTAyZi1mNzgwZTFmMTk2YTciLCAia2V5IjoiZVBGM3g4bUZHakJPTU9JNXhHWkQwUT09IiwgImhhc2giOiJ5V21Ib0VjdVRITT0ifQ==
                                                                                                                                                                                                    Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                    If-None-Match: "636976985063396749.rel.v2"
                                                                                                                                                                                                    Sec-Fetch-Site: none
                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                    2024-03-10 16:31:31 UTC754OUTData Raw: 7b 22 69 64 65 6e 74 69 74 79 22 3a 7b 22 75 73 65 72 22 3a 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 7d 2c 22 64 65 76 69 63 65 22 3a 7b 22 69 64 22 3a 6e 75 6c 6c 2c 22 63 75 73 74 6f 6d 49 64 22 3a 6e 75 6c 6c 2c 22 6f 6e 6c 69 6e 65 49 64 54 69 63 6b 65 74 22 3a 6e 75 6c 6c 2c 22 66 61 6d 69 6c 79 22 3a 33 2c 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 2c 22 6f 73 56 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 39 30 34 35 2e 32 30 30 36 2e 76 62 5f 72 65 6c 65 61 73 65 22 2c 22 62 72 6f 77 73 65 72 22 3a 7b 22 69 6e 74 65 72 6e 65 74 5f 65 78 70 6c 6f 72 65 72 22 3a 22 39 2e 31 31 2e 31 39 30 34 31 2e 30 22 7d 2c 22 6e 65 74 4a 6f 69 6e 53 74 61 74 75 73 22 3a 32 2c 22 65 6e 74 65 72 70 72 69 73 65 22 3a 7b 7d 2c 22 63 6c 6f 75 64 53 6b
                                                                                                                                                                                                    Data Ascii: {"identity":{"user":{"locale":"en-GB"},"device":{"id":null,"customId":null,"onlineIdTicket":null,"family":3,"locale":"en-GB","osVersion":"10.0.19045.2006.vb_release","browser":{"internet_explorer":"9.11.19041.0"},"netJoinStatus":2,"enterprise":{},"cloudSk
                                                                                                                                                                                                    2024-03-10 16:31:31 UTC248INHTTP/1.1 200 OK
                                                                                                                                                                                                    Date: Sun, 10 Mar 2024 16:31:31 GMT
                                                                                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                                                                                    Content-Length: 57
                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                    Server: Kestrel
                                                                                                                                                                                                    ETag: "638343870221005468"
                                                                                                                                                                                                    Request-Context: appId=cid-v1:68ed2408-46f3-4e32-b9aa-2544a61aa301
                                                                                                                                                                                                    2024-03-10 16:31:31 UTC57INData Raw: 39 00 00 00 0a 00 00 00 6d 75 72 6d 75 72 33 00 0d 00 00 00 e7 00 00 00 0c 00 00 00 2c 4d f0 68 e4 05 e3 5a 14 87 bb 38 10 5c e2 c4 94 3c 26 4c 69 f1 48 99 f4 5b b2 3f 6d
                                                                                                                                                                                                    Data Ascii: 9murmur3,MhZ8\<&LiH[?m


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    6192.168.2.44976220.118.82.1674435724C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    2024-03-10 16:31:31 UTC698OUTPOST /api/browser/edge/data/settings/3 HTTP/1.1
                                                                                                                                                                                                    Host: data-edge.smartscreen.microsoft.com
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    Content-Length: 754
                                                                                                                                                                                                    Accept: application/octet-stream;application/x-patch-bsdiff;
                                                                                                                                                                                                    Authorization: SmartScreenHash eyJhdXRoSWQiOiJjMmU0ZjljYS1lZjYwLTQyY2EtOTAyZi1mNzgwZTFmMTk2YTciLCAia2V5IjoiZVBGM3g4bUZHakJPTU9JNXhHWkQwUT09IiwgImhhc2giOiJ5V21Ib0VjdVRITT0ifQ==
                                                                                                                                                                                                    Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                    If-None-Match: "2.0-0"
                                                                                                                                                                                                    Sec-Fetch-Site: none
                                                                                                                                                                                                    Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                    2024-03-10 16:31:31 UTC754OUTData Raw: 7b 22 69 64 65 6e 74 69 74 79 22 3a 7b 22 75 73 65 72 22 3a 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 7d 2c 22 64 65 76 69 63 65 22 3a 7b 22 69 64 22 3a 6e 75 6c 6c 2c 22 63 75 73 74 6f 6d 49 64 22 3a 6e 75 6c 6c 2c 22 6f 6e 6c 69 6e 65 49 64 54 69 63 6b 65 74 22 3a 6e 75 6c 6c 2c 22 66 61 6d 69 6c 79 22 3a 33 2c 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 2c 22 6f 73 56 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 39 30 34 35 2e 32 30 30 36 2e 76 62 5f 72 65 6c 65 61 73 65 22 2c 22 62 72 6f 77 73 65 72 22 3a 7b 22 69 6e 74 65 72 6e 65 74 5f 65 78 70 6c 6f 72 65 72 22 3a 22 39 2e 31 31 2e 31 39 30 34 31 2e 30 22 7d 2c 22 6e 65 74 4a 6f 69 6e 53 74 61 74 75 73 22 3a 32 2c 22 65 6e 74 65 72 70 72 69 73 65 22 3a 7b 7d 2c 22 63 6c 6f 75 64 53 6b
                                                                                                                                                                                                    Data Ascii: {"identity":{"user":{"locale":"en-GB"},"device":{"id":null,"customId":null,"onlineIdTicket":null,"family":3,"locale":"en-GB","osVersion":"10.0.19045.2006.vb_release","browser":{"internet_explorer":"9.11.19041.0"},"netJoinStatus":2,"enterprise":{},"cloudSk
                                                                                                                                                                                                    2024-03-10 16:31:32 UTC302INHTTP/1.1 200 OK
                                                                                                                                                                                                    Date: Sun, 10 Mar 2024 16:31:32 GMT
                                                                                                                                                                                                    Content-Type: application/octet-stream
                                                                                                                                                                                                    Content-Length: 130439
                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                    Server: Kestrel
                                                                                                                                                                                                    ETag: "2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1"
                                                                                                                                                                                                    Request-Context: appId=cid-v1:68ed2408-46f3-4e32-b9aa-2544a61aa301
                                                                                                                                                                                                    2024-03-10 16:31:32 UTC16082INData Raw: 7b 0d 0a 20 20 22 67 65 6f 69 64 4d 61 70 73 22 3a 20 7b 0d 0a 20 20 20 20 22 61 75 22 3a 20 22 68 74 74 70 73 3a 2f 2f 61 75 73 74 72 61 6c 69 61 2e 73 6d 61 72 74 73 63 72 65 65 6e 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 22 2c 0d 0a 20 20 20 20 22 63 68 22 3a 20 22 68 74 74 70 73 3a 2f 2f 73 77 69 74 7a 65 72 6c 61 6e 64 2e 73 6d 61 72 74 73 63 72 65 65 6e 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 22 2c 0d 0a 20 20 20 20 22 65 75 22 3a 20 22 68 74 74 70 73 3a 2f 2f 65 75 72 6f 70 65 2e 73 6d 61 72 74 73 63 72 65 65 6e 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 22 2c 0d 0a 20 20 20 20 22 66 66 6c 34 22 3a 20 22 68 74 74 70 73 3a 2f 2f 75 6e 69 74 65 64 73 74 61 74 65 73 31 2e 73 73 2e 77 64 2e 6d 69 63 72 6f 73 6f 66 74 2e 75 73 2f 22 2c 0d 0a
                                                                                                                                                                                                    Data Ascii: { "geoidMaps": { "au": "https://australia.smartscreen.microsoft.com/", "ch": "https://switzerland.smartscreen.microsoft.com/", "eu": "https://europe.smartscreen.microsoft.com/", "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",
                                                                                                                                                                                                    2024-03-10 16:31:32 UTC16384INData Raw: 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 30 39 63 34 37 36 32 37 62 63 35 33 33 62 35 39 32 34 61 30 35 35 61 30 34 62 63 34 63 33 33 65 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 39 2e 35 38 33 34 34 30 31 37 37 34 34 37 38 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 65 36 33 34 65 62 32 30 64 62 35 30 38 65 33 61 33 31 62 36 31 34 38 31 61 32 35 31 62 66 39 33 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 30 2e 33 33 37 30 36 38 35 39 32 37 38 32 37 33 35 0d 0a 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                    Data Ascii: { "key": "09c47627bc533b5924a055a04bc4c33e", "value": 9.58344017744784 }, { "key": "e634eb20db508e3a31b61481a251bf93", "value": -0.337068592782735
                                                                                                                                                                                                    2024-03-10 16:31:32 UTC16384INData Raw: 30 37 37 37 34 37 33 33 30 39 35 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 31 32 62 62 65 66 63 30 35 64 35 31 34 32 65 37 65 62 36 38 36 66 61 64 38 64 65 61 39 32 31 31 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 31 2e 30 35 37 31 37 37 35 33 31 31 38 30 39 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 63 65 35 66 62 38 64 66 31 32 35 61 34 37 32 31 64 31 64 66 33 32 38 62 63 36 66 32 64 64 65 61 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a
                                                                                                                                                                                                    Data Ascii: 07774733095 }, { "key": "12bbefc05d5142e7eb686fad8dea9211", "value": -1.05717753118094 }, { "key": "ce5fb8df125a4721d1df328bc6f2ddea", "value":
                                                                                                                                                                                                    2024-03-10 16:31:32 UTC16384INData Raw: 20 2d 31 2e 39 30 31 33 34 36 37 39 37 33 36 34 32 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 66 32 33 35 64 63 66 36 62 34 32 39 62 61 34 31 36 64 63 65 37 34 64 34 62 36 66 62 63 34 37 62 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 31 2e 32 36 30 31 38 31 31 38 35 36 30 38 38 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 63 38 66 31 37 64 37 34 30 33 61 63 35 66 66 32 38 39 36 61 37 31 33 61 37 31 37 35 65 64 31 39 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61
                                                                                                                                                                                                    Data Ascii: -1.9013467973642 }, { "key": "f235dcf6b429ba416dce74d4b6fbc47b", "value": 1.26018118560884 }, { "key": "c8f17d7403ac5ff2896a713a7175ed19", "va
                                                                                                                                                                                                    2024-03-10 16:31:32 UTC16384INData Raw: 36 62 64 32 65 65 33 36 63 30 33 66 36 66 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 35 2e 38 35 39 38 36 34 33 39 33 34 36 35 37 36 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 65 66 64 32 61 66 36 30 63 38 35 30 31 39 33 31 63 62 39 63 37 33 36 62 35 61 64 37 34 66 36 35 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 33 2e 39 35 36 39 39 35 33 35 33 36 34 30 30 33 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 32 63 38 34 38 35 34 38 64 34 36 30 63
                                                                                                                                                                                                    Data Ascii: 6bd2ee36c03f6f", "value": 5.85986439346576 }, { "key": "efd2af60c8501931cb9c736b5ad74f65", "value": 3.95699535364003 }, { "key": "2c848548d460c
                                                                                                                                                                                                    2024-03-10 16:31:32 UTC16384INData Raw: 20 22 6b 65 79 22 3a 20 22 65 31 36 38 36 30 37 38 64 31 62 36 30 64 33 35 31 64 61 35 61 38 37 35 34 33 61 32 61 36 36 33 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 37 2e 35 30 36 36 35 35 32 34 32 36 32 35 35 31 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 33 61 33 34 31 37 66 35 66 32 30 61 30 33 61 39 38 39 37 33 36 38 39 38 38 37 66 62 37 32 61 32 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 31 2e 37 34 39 32 32 35 31 37 36 34 32 37 39 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20
                                                                                                                                                                                                    Data Ascii: "key": "e1686078d1b60d351da5a87543a2a663", "value": 7.50665524262551 }, { "key": "3a3417f5f20a03a98973689887fb72a2", "value": -1.74922517642794 }, {
                                                                                                                                                                                                    2024-03-10 16:31:32 UTC16384INData Raw: 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 62 30 64 61 32 37 35 35 32 30 39 31 38 65 32 33 64 64 36 31 35 65 32 61 37 34 37 35 32 38 66 31 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 30 2e 39 37 36 31 34 30 37 39 32 39 31 35 33 37 33 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 63 66 61 62 31 62 61 38 63 36 37 63 37 63 38 33 38 64 62 39 38 64 36 36 36 66 30 32 61 31 33 32 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 31 2e 31 31 37 38 37 35 38 36 30 34 35 30 39 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a
                                                                                                                                                                                                    Data Ascii: { "key": "b0da275520918e23dd615e2a747528f1", "value": -0.976140792915373 }, { "key": "cfab1ba8c67c7c838db98d666f02a132", "value": -1.11787586045094 },
                                                                                                                                                                                                    2024-03-10 16:31:32 UTC16053INData Raw: 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 64 65 39 35 62 34 33 62 63 65 65 62 34 62 39 39 38 61 65 64 34 61 65 64 35 63 65 66 31 61 65 37 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 31 2e 30 33 33 31 39 35 35 36 37 30 31 31 37 37 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 61 64 64 65 63 34 32 36 39 33 32 65 37 31 33 32 33 37 30 30 61 66 61 31 39 31 31 66 38 66 31 63 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 30 2e 31 36 30 39 38 34 33 32 38 39 38 35 39 32 34 0d
                                                                                                                                                                                                    Data Ascii: }, { "key": "de95b43bceeb4b998aed4aed5cef1ae7", "value": -1.03319556701177 }, { "key": "addec426932e71323700afa1911f8f1c", "value": 0.160984328985924


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    7192.168.2.44976631.13.65.494435724C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    2024-03-10 16:31:37 UTC732OUTPOST /wa_qpl_data HTTP/1.1
                                                                                                                                                                                                    Host: graph.whatsapp.net
                                                                                                                                                                                                    Connection: keep-alive
                                                                                                                                                                                                    Content-Length: 1186
                                                                                                                                                                                                    sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"
                                                                                                                                                                                                    sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                    sec-ch-ua-mobile: ?0
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                    Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryIdIA2DLLOnPRD8FE
                                                                                                                                                                                                    Accept: */*
                                                                                                                                                                                                    Origin: https://web.whatsapp.com
                                                                                                                                                                                                    Sec-Fetch-Site: cross-site
                                                                                                                                                                                                    Sec-Fetch-Mode: cors
                                                                                                                                                                                                    Sec-Fetch-Dest: empty
                                                                                                                                                                                                    Referer: https://web.whatsapp.com/
                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                    Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                    2024-03-10 16:31:37 UTC1186OUTData Raw: 2d 2d 2d 2d 2d 2d 57 65 62 4b 69 74 46 6f 72 6d 42 6f 75 6e 64 61 72 79 49 64 49 41 32 44 4c 4c 4f 6e 50 52 44 38 46 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 63 65 73 73 5f 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 30 36 33 31 32 37 37 35 37 31 31 33 33 39 39 7c 37 34 35 31 34 36 66 66 61 33 34 34 31 33 66 39 64 62 62 35 34 36 39 66 35 33 37 30 62 37 61 66 0d 0a 2d 2d 2d 2d 2d 2d 57 65 62 4b 69 74 46 6f 72 6d 42 6f 75 6e 64 61 72 79 49 64 49 41 32 44 4c 4c 4f 6e 50 52 44 38 46 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 70 70 5f 69 64 22 0d 0a 0d 0a 31 36 37 30 32 38 36 39 30 35 33 35 33 32 32 0d
                                                                                                                                                                                                    Data Ascii: ------WebKitFormBoundaryIdIA2DLLOnPRD8FEContent-Disposition: form-data; name="access_token"1063127757113399|745146ffa34413f9dbb5469f5370b7af------WebKitFormBoundaryIdIA2DLLOnPRD8FEContent-Disposition: form-data; name="app_id"167028690535322
                                                                                                                                                                                                    2024-03-10 16:31:38 UTC607INHTTP/1.1 200 OK
                                                                                                                                                                                                    Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                    Vary: Origin
                                                                                                                                                                                                    Vary: Accept-Encoding
                                                                                                                                                                                                    Access-Control-Allow-Origin: *
                                                                                                                                                                                                    facebook-api-version: v13.0
                                                                                                                                                                                                    Strict-Transport-Security: max-age=15552000; preload
                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                    Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                    Expires: Sat, 01 Jan 2000 00:00:00 GMT
                                                                                                                                                                                                    x-fb-request-id: AxYP0oQlAVvaLiDpzcEEZSE
                                                                                                                                                                                                    x-fb-trace-id: EjKDce+zDf/
                                                                                                                                                                                                    x-fb-rev: 1011957409
                                                                                                                                                                                                    X-FB-Debug: SwForWoqvClUkyE0opRC1COvFSbaVl5G/gRsB1ejy7gZ9E4fgcEh42tMYxQHCsH3HyC/5EA7+0fsY6LIRHYrMw==
                                                                                                                                                                                                    Date: Sun, 10 Mar 2024 16:31:38 GMT
                                                                                                                                                                                                    Connection: close
                                                                                                                                                                                                    Content-Length: 22
                                                                                                                                                                                                    2024-03-10 16:31:38 UTC22INData Raw: 7b 0a 20 20 20 22 73 75 63 63 65 73 73 22 3a 20 74 72 75 65 0a 7d
                                                                                                                                                                                                    Data Ascii: { "success": true}


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    8192.168.2.44976731.13.65.494435724C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    2024-03-10 16:31:47 UTC533OUTGET /ws/chat HTTP/1.1
                                                                                                                                                                                                    Host: web.whatsapp.com
                                                                                                                                                                                                    Connection: Upgrade
                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                    Upgrade: websocket
                                                                                                                                                                                                    Origin: https://web.whatsapp.com
                                                                                                                                                                                                    Sec-WebSocket-Version: 13
                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                    Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                    Sec-WebSocket-Key: CyBqXT+TEqvEfDjXYOiLfQ==
                                                                                                                                                                                                    Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
                                                                                                                                                                                                    2024-03-10 16:31:47 UTC63INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                    Date: Sun, 10 Mar 2024 16:31:47 GMT
                                                                                                                                                                                                    2024-03-10 16:31:47 UTC2591INData Raw: 50 72 6f 78 79 2d 53 74 61 74 75 73 3a 20 68 74 74 70 5f 72 65 71 75 65 73 74 5f 65 72 72 6f 72 3b 20 65 5f 66 62 5f 63 6f 6e 66 69 67 76 65 72 73 69 6f 6e 3d 22 41 63 4a 38 46 71 42 30 43 65 63 62 31 51 49 41 41 69 47 31 6e 49 6a 62 66 45 79 45 44 4d 72 34 77 78 4a 69 30 7a 65 63 4e 37 6b 58 5f 56 55 4e 69 32 6c 61 57 64 36 49 73 61 58 47 73 51 22 3b 20 65 5f 63 6c 69 65 6e 74 61 64 64 72 3d 22 41 63 4b 50 39 64 31 51 31 50 75 6f 58 62 41 6f 52 2d 71 49 37 49 41 48 46 59 71 76 67 67 6c 4d 36 73 37 73 38 51 42 43 65 4d 42 68 6b 6c 79 6b 69 53 59 4d 58 55 58 75 70 54 55 75 74 35 5a 61 64 73 42 62 63 32 66 42 32 69 39 41 34 51 38 46 5f 78 4b 31 46 46 51 63 72 54 2d 51 70 43 44 56 46 7a 5a 7a 56 6a 39 37 73 64 7a 31 72 52 69 78 22 3b 20 65 5f 66 62 5f 76 69
                                                                                                                                                                                                    Data Ascii: Proxy-Status: http_request_error; e_fb_configversion="AcJ8FqB0Cecb1QIAAiG1nIjbfEyEDMr4wxJi0zecN7kX_VUNi2laWd6IsaXGsQ"; e_clientaddr="AcKP9d1Q1PuoXbAoR-qI7IAHFYqvgglM6s7s8QBCeMBhklykiSYMXUXupTUut5ZadsBbc2fB2i9A4Q8F_xK1FFQcrT-QpCDVFzZzVj97sdz1rRix"; e_fb_vi


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    9192.168.2.44976831.13.65.494435724C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    2024-03-10 16:31:51 UTC533OUTGET /ws/chat HTTP/1.1
                                                                                                                                                                                                    Host: web.whatsapp.com
                                                                                                                                                                                                    Connection: Upgrade
                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                    Upgrade: websocket
                                                                                                                                                                                                    Origin: https://web.whatsapp.com
                                                                                                                                                                                                    Sec-WebSocket-Version: 13
                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                    Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                    Sec-WebSocket-Key: cHU1+tHHVTa94ohtwhrPqw==
                                                                                                                                                                                                    Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
                                                                                                                                                                                                    2024-03-10 16:31:51 UTC63INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                    Date: Sun, 10 Mar 2024 16:31:51 GMT
                                                                                                                                                                                                    2024-03-10 16:31:51 UTC2593INData Raw: 50 72 6f 78 79 2d 53 74 61 74 75 73 3a 20 68 74 74 70 5f 72 65 71 75 65 73 74 5f 65 72 72 6f 72 3b 20 65 5f 66 62 5f 63 6f 6e 66 69 67 76 65 72 73 69 6f 6e 3d 22 41 63 4c 64 50 6a 46 32 64 67 61 34 48 33 41 71 76 6f 73 51 4a 4b 78 74 30 69 72 69 2d 43 58 43 58 4c 6e 45 49 4d 4d 6d 54 71 68 34 57 72 56 73 69 30 45 76 54 32 37 41 4b 77 68 44 71 77 22 3b 20 65 5f 63 6c 69 65 6e 74 61 64 64 72 3d 22 41 63 4a 51 52 73 74 47 31 48 62 6f 34 4e 32 68 2d 79 33 36 6a 42 5a 64 39 78 36 44 72 6f 31 7a 45 74 62 77 33 76 77 6d 32 57 4c 34 50 58 47 76 6a 78 43 37 70 53 64 67 46 78 38 50 61 6c 34 79 74 44 32 46 78 71 43 46 53 79 37 43 6d 45 34 38 34 65 6d 45 4f 62 66 41 77 4f 34 4d 71 69 71 4d 52 57 34 57 47 48 31 48 6f 52 6a 5f 2d 62 44 77 22 3b 20 65 5f 66 62 5f 76 69
                                                                                                                                                                                                    Data Ascii: Proxy-Status: http_request_error; e_fb_configversion="AcLdPjF2dga4H3AqvosQJKxt0iri-CXCXLnEIMMmTqh4WrVsi0EvT27AKwhDqw"; e_clientaddr="AcJQRstG1Hbo4N2h-y36jBZd9x6Dro1zEtbw3vwm2WL4PXGvjxC7pSdgFx8Pal4ytD2FxqCFSy7CmE484emEObfAwO4MqiqMRW4WGH1HoRj_-bDw"; e_fb_vi


                                                                                                                                                                                                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                    10192.168.2.44976931.13.65.494435724C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    TimestampBytes transferredDirectionData
                                                                                                                                                                                                    2024-03-10 16:32:04 UTC533OUTGET /ws/chat HTTP/1.1
                                                                                                                                                                                                    Host: web.whatsapp.com
                                                                                                                                                                                                    Connection: Upgrade
                                                                                                                                                                                                    Pragma: no-cache
                                                                                                                                                                                                    Cache-Control: no-cache
                                                                                                                                                                                                    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                    Upgrade: websocket
                                                                                                                                                                                                    Origin: https://web.whatsapp.com
                                                                                                                                                                                                    Sec-WebSocket-Version: 13
                                                                                                                                                                                                    Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                    Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                    Sec-WebSocket-Key: ZPNXETgzC0nJavj88P4KpA==
                                                                                                                                                                                                    Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
                                                                                                                                                                                                    2024-03-10 16:32:04 UTC63INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                    Date: Sun, 10 Mar 2024 16:32:04 GMT
                                                                                                                                                                                                    2024-03-10 16:32:04 UTC2594INData Raw: 50 72 6f 78 79 2d 53 74 61 74 75 73 3a 20 68 74 74 70 5f 72 65 71 75 65 73 74 5f 65 72 72 6f 72 3b 20 65 5f 66 62 5f 63 6f 6e 66 69 67 76 65 72 73 69 6f 6e 3d 22 41 63 4c 49 51 53 48 50 51 4c 49 4c 6f 42 50 38 78 2d 33 5f 59 58 63 48 4b 50 64 6a 6f 32 64 6c 2d 77 67 41 71 6e 33 63 62 78 6c 6d 6f 6d 6a 30 5a 34 4e 67 71 45 78 66 63 42 44 61 59 41 22 3b 20 65 5f 63 6c 69 65 6e 74 61 64 64 72 3d 22 41 63 49 43 78 44 53 36 73 63 65 36 4b 62 47 49 49 47 76 73 32 52 64 35 70 66 6b 56 71 34 31 6f 34 78 5f 76 57 73 6c 35 75 77 71 51 57 4f 76 4e 33 36 4d 68 35 4b 46 54 2d 71 66 6b 36 5f 2d 49 75 4a 2d 75 4b 79 38 43 4b 46 59 4d 37 6a 6b 4b 6f 6f 57 76 46 5f 4e 6e 62 53 55 5a 57 4e 5a 32 35 65 6e 4e 39 61 67 4c 2d 55 61 76 73 54 73 6c 75 77 22 3b 20 65 5f 66 62 5f
                                                                                                                                                                                                    Data Ascii: Proxy-Status: http_request_error; e_fb_configversion="AcLIQSHPQLILoBP8x-3_YXcHKPdjo2dl-wgAqn3cbxlmomj0Z4NgqExfcBDaYA"; e_clientaddr="AcICxDS6sce6KbGIIGvs2Rd5pfkVq41o4x_vWsl5uwqQWOvN36Mh5KFT-qfk6_-IuJ-uKy8CKFYM7jkKooWvF_NnbSUZWNZ25enN9agL-UavsTsluw"; e_fb_


                                                                                                                                                                                                    Statistics

                                                                                                                                                                                                    CPU Usage

                                                                                                                                                                                                    Click to jump to process

                                                                                                                                                                                                    Memory Usage

                                                                                                                                                                                                    Click to jump to process

                                                                                                                                                                                                    High Level Behavior Distribution

                                                                                                                                                                                                    Click to dive into process behavior distribution

                                                                                                                                                                                                    Behavior

                                                                                                                                                                                                    Click to jump to process

                                                                                                                                                                                                    System Behavior

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:0
                                                                                                                                                                                                    Start time:17:30:03
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe
                                                                                                                                                                                                    Imagebase:0x100000
                                                                                                                                                                                                    File size:3'511'296 bytes
                                                                                                                                                                                                    MD5 hash:F24A4D5B6036A3DE2EBA88868BD771F2
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2075054867.0000000002CDF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2075054867.00000000028E2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2103267180.0000000007BA8000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2075925447.0000000003C18000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:1
                                                                                                                                                                                                    Start time:17:30:04
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:"C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\
                                                                                                                                                                                                    Imagebase:0x240000
                                                                                                                                                                                                    File size:236'544 bytes
                                                                                                                                                                                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:2
                                                                                                                                                                                                    Start time:17:30:04
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:3
                                                                                                                                                                                                    Start time:17:30:04
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:powershell set-mppreference -exclusionpath C:\
                                                                                                                                                                                                    Imagebase:0x460000
                                                                                                                                                                                                    File size:433'152 bytes
                                                                                                                                                                                                    MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:8
                                                                                                                                                                                                    Start time:17:30:36
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe"
                                                                                                                                                                                                    Imagebase:0x400000
                                                                                                                                                                                                    File size:3'178'277 bytes
                                                                                                                                                                                                    MD5 hash:C9C01FDC7D3AD84CEEB43C6B099A8AD5
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:9
                                                                                                                                                                                                    Start time:17:30:37
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                                                                                                                                                                                                    Imagebase:0x2b0000
                                                                                                                                                                                                    File size:56'368 bytes
                                                                                                                                                                                                    MD5 hash:FDA8C8F2A4E100AFB14C13DFCBCAB2D2
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:10
                                                                                                                                                                                                    Start time:17:30:37
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                                                                                                                                                                                                    Imagebase:0x2e0000
                                                                                                                                                                                                    File size:56'368 bytes
                                                                                                                                                                                                    MD5 hash:FDA8C8F2A4E100AFB14C13DFCBCAB2D2
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:11
                                                                                                                                                                                                    Start time:17:30:37
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                                                                                                                                                                                                    Imagebase:0x490000
                                                                                                                                                                                                    File size:56'368 bytes
                                                                                                                                                                                                    MD5 hash:FDA8C8F2A4E100AFB14C13DFCBCAB2D2
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000000B.00000002.2995046316.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000002.3099898068.0000000007450000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_BrowserPasswordDump_1, Description: Yara detected BrowserPasswordDump, Source: 0000000B.00000002.3099898068.0000000007450000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID, Description: Detects executables referencing Windows vault credential objects. Observed in infostealers, Source: 0000000B.00000002.3099898068.0000000007450000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                    • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 0000000B.00000002.3028502871.0000000002851000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 0000000B.00000002.3028502871.0000000002851000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:12
                                                                                                                                                                                                    Start time:17:30:42
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "XClient" /tr "C:\Users\user\AppData\Roaming\XClient.exe
                                                                                                                                                                                                    Imagebase:0xdb0000
                                                                                                                                                                                                    File size:187'904 bytes
                                                                                                                                                                                                    MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:13
                                                                                                                                                                                                    Start time:17:30:42
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:14
                                                                                                                                                                                                    Start time:17:30:44
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\XClient.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:C:\Users\user\AppData\Roaming\XClient.exe
                                                                                                                                                                                                    Imagebase:0x920000
                                                                                                                                                                                                    File size:56'368 bytes
                                                                                                                                                                                                    MD5 hash:FDA8C8F2A4E100AFB14C13DFCBCAB2D2
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:moderate
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:15
                                                                                                                                                                                                    Start time:17:30:44
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:16
                                                                                                                                                                                                    Start time:17:30:48
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\WinUpdate.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\WinUpdate.exe"
                                                                                                                                                                                                    Imagebase:0x960000
                                                                                                                                                                                                    File size:3'511'296 bytes
                                                                                                                                                                                                    MD5 hash:F24A4D5B6036A3DE2EBA88868BD771F2
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000010.00000002.2198821760.0000000003091000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000010.00000002.2198821760.00000000032CB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000010.00000002.2203478621.0000000004091000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000010.00000002.2198821760.00000000032CE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000010.00000002.2198821760.00000000032EA000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000010.00000002.2198821760.00000000032E2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000010.00000002.2261869120.0000000005F9D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:19
                                                                                                                                                                                                    Start time:17:30:49
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:"C:\Windows\SysWOW64\cmd.exe" /k START "" "C:\Users\user\AppData\Local\WinUpdate.exe" & EXIT
                                                                                                                                                                                                    Imagebase:0x240000
                                                                                                                                                                                                    File size:236'544 bytes
                                                                                                                                                                                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:20
                                                                                                                                                                                                    Start time:17:30:49
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Reputation:high
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:21
                                                                                                                                                                                                    Start time:17:30:50
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\WinUpdate.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\WinUpdate.exe"
                                                                                                                                                                                                    Imagebase:0x370000
                                                                                                                                                                                                    File size:3'511'296 bytes
                                                                                                                                                                                                    MD5 hash:F24A4D5B6036A3DE2EBA88868BD771F2
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000015.00000002.2561460834.0000000002A32000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000015.00000002.2575343992.0000000004984000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000015.00000002.2561460834.0000000002F45000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                    Reputation:low
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:22
                                                                                                                                                                                                    Start time:17:30:51
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:"C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\
                                                                                                                                                                                                    Imagebase:0x240000
                                                                                                                                                                                                    File size:236'544 bytes
                                                                                                                                                                                                    MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:23
                                                                                                                                                                                                    Start time:17:30:51
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:24
                                                                                                                                                                                                    Start time:17:30:51
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:powershell set-mppreference -exclusionpath C:\
                                                                                                                                                                                                    Imagebase:0x460000
                                                                                                                                                                                                    File size:433'152 bytes
                                                                                                                                                                                                    MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:26
                                                                                                                                                                                                    Start time:17:30:56
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\XClient.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Roaming\XClient.exe"
                                                                                                                                                                                                    Imagebase:0x150000
                                                                                                                                                                                                    File size:56'368 bytes
                                                                                                                                                                                                    MD5 hash:FDA8C8F2A4E100AFB14C13DFCBCAB2D2
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:27
                                                                                                                                                                                                    Start time:17:30:56
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:28
                                                                                                                                                                                                    Start time:17:30:58
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe
                                                                                                                                                                                                    Imagebase:0xee0000
                                                                                                                                                                                                    File size:2'941'952 bytes
                                                                                                                                                                                                    MD5 hash:895F3A548FD8FA6FD1355AF6D218DA2C
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Antivirus matches:
                                                                                                                                                                                                    • Detection: 0%, ReversingLabs
                                                                                                                                                                                                    • Detection: 0%, Virustotal, Browse
                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:29
                                                                                                                                                                                                    Start time:17:31:00
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                                                    Imagebase:0x7ff6eef20000
                                                                                                                                                                                                    File size:55'320 bytes
                                                                                                                                                                                                    MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:30
                                                                                                                                                                                                    Start time:17:31:01
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\XClient.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:C:\Users\user\AppData\Roaming\XClient.exe
                                                                                                                                                                                                    Imagebase:0xa60000
                                                                                                                                                                                                    File size:56'368 bytes
                                                                                                                                                                                                    MD5 hash:FDA8C8F2A4E100AFB14C13DFCBCAB2D2
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:31
                                                                                                                                                                                                    Start time:17:31:01
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                    Has elevated privileges:true
                                                                                                                                                                                                    Has administrator privileges:true
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:33
                                                                                                                                                                                                    Start time:17:31:02
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=3736.6896.865895741088582256
                                                                                                                                                                                                    Imagebase:0x7ff67d0c0000
                                                                                                                                                                                                    File size:3'749'328 bytes
                                                                                                                                                                                                    MD5 hash:9909D978B39FB7369F511D8506C17CA0
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:34
                                                                                                                                                                                                    Start time:17:31:02
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x160,0x164,0x168,0x15c,0x170,0x7ffdfb318e88,0x7ffdfb318e98,0x7ffdfb318ea8
                                                                                                                                                                                                    Imagebase:0x7ff67d0c0000
                                                                                                                                                                                                    File size:3'749'328 bytes
                                                                                                                                                                                                    MD5 hash:9909D978B39FB7369F511D8506C17CA0
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:35
                                                                                                                                                                                                    Start time:17:31:03
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1760 --field-trial-handle=1788,i,16355195492384305926,16374920603742595723,262144 --enable-features=MojoIpcz /prefetch:2
                                                                                                                                                                                                    Imagebase:0x7ff67d0c0000
                                                                                                                                                                                                    File size:3'749'328 bytes
                                                                                                                                                                                                    MD5 hash:9909D978B39FB7369F511D8506C17CA0
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:36
                                                                                                                                                                                                    Start time:17:31:03
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2212 --field-trial-handle=1788,i,16355195492384305926,16374920603742595723,262144 --enable-features=MojoIpcz /prefetch:3
                                                                                                                                                                                                    Imagebase:0x7ff67d0c0000
                                                                                                                                                                                                    File size:3'749'328 bytes
                                                                                                                                                                                                    MD5 hash:9909D978B39FB7369F511D8506C17CA0
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:37
                                                                                                                                                                                                    Start time:17:31:03
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2452 --field-trial-handle=1788,i,16355195492384305926,16374920603742595723,262144 --enable-features=MojoIpcz /prefetch:8
                                                                                                                                                                                                    Imagebase:0x7ff67d0c0000
                                                                                                                                                                                                    File size:3'749'328 bytes
                                                                                                                                                                                                    MD5 hash:9909D978B39FB7369F511D8506C17CA0
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:38
                                                                                                                                                                                                    Start time:17:31:04
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1710081883373791 --launch-time-ticks=6381239210 --mojo-platform-channel-handle=3372 --field-trial-handle=1788,i,16355195492384305926,16374920603742595723,262144 --enable-features=MojoIpcz /prefetch:1
                                                                                                                                                                                                    Imagebase:0x7ff67d0c0000
                                                                                                                                                                                                    File size:3'749'328 bytes
                                                                                                                                                                                                    MD5 hash:9909D978B39FB7369F511D8506C17CA0
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:39
                                                                                                                                                                                                    Start time:17:31:04
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Local\WinUpdate.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Local\WinUpdate.exe"
                                                                                                                                                                                                    Imagebase:0xfc0000
                                                                                                                                                                                                    File size:3'511'296 bytes
                                                                                                                                                                                                    MD5 hash:F24A4D5B6036A3DE2EBA88868BD771F2
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Yara matches:
                                                                                                                                                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000027.00000002.2375843757.0000000003B26000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000027.00000002.2375843757.0000000003B2E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000027.00000002.2439203384.0000000006B5D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000027.00000002.2375843757.000000000381E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000027.00000002.2375843757.0000000003B0E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000027.00000002.2375843757.0000000003B12000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:40
                                                                                                                                                                                                    Start time:17:31:06
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=3736.6896.16963202530693688502
                                                                                                                                                                                                    Imagebase:0x7ff67d0c0000
                                                                                                                                                                                                    File size:3'749'328 bytes
                                                                                                                                                                                                    MD5 hash:9909D978B39FB7369F511D8506C17CA0
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:41
                                                                                                                                                                                                    Start time:17:31:07
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x164,0x168,0x16c,0x13c,0x1a4,0x7ffdfb318e88,0x7ffdfb318e98,0x7ffdfb318ea8
                                                                                                                                                                                                    Imagebase:0x7ff67d0c0000
                                                                                                                                                                                                    File size:3'749'328 bytes
                                                                                                                                                                                                    MD5 hash:9909D978B39FB7369F511D8506C17CA0
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:42
                                                                                                                                                                                                    Start time:17:31:13
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Users\user\AppData\Roaming\XClient.exe
                                                                                                                                                                                                    Wow64 process (32bit):true
                                                                                                                                                                                                    Commandline:"C:\Users\user\AppData\Roaming\XClient.exe"
                                                                                                                                                                                                    Imagebase:0xe10000
                                                                                                                                                                                                    File size:56'368 bytes
                                                                                                                                                                                                    MD5 hash:FDA8C8F2A4E100AFB14C13DFCBCAB2D2
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:43
                                                                                                                                                                                                    Start time:17:31:13
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                    Imagebase:0x7ff7699e0000
                                                                                                                                                                                                    File size:862'208 bytes
                                                                                                                                                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:44
                                                                                                                                                                                                    Start time:17:31:17
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1780 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=MojoIpcz /prefetch:2
                                                                                                                                                                                                    Imagebase:0x7ff67d0c0000
                                                                                                                                                                                                    File size:3'749'328 bytes
                                                                                                                                                                                                    MD5 hash:9909D978B39FB7369F511D8506C17CA0
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:45
                                                                                                                                                                                                    Start time:17:31:17
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2376 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=MojoIpcz /prefetch:3
                                                                                                                                                                                                    Imagebase:0x7ff67d0c0000
                                                                                                                                                                                                    File size:3'749'328 bytes
                                                                                                                                                                                                    MD5 hash:9909D978B39FB7369F511D8506C17CA0
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:46
                                                                                                                                                                                                    Start time:17:31:17
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=3736.6896.10684777464287357477
                                                                                                                                                                                                    Imagebase:0x7ff67d0c0000
                                                                                                                                                                                                    File size:3'749'328 bytes
                                                                                                                                                                                                    MD5 hash:9909D978B39FB7369F511D8506C17CA0
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:47
                                                                                                                                                                                                    Start time:17:31:18
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2628 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=MojoIpcz /prefetch:8
                                                                                                                                                                                                    Imagebase:0x7ff67d0c0000
                                                                                                                                                                                                    File size:3'749'328 bytes
                                                                                                                                                                                                    MD5 hash:9909D978B39FB7369F511D8506C17CA0
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:48
                                                                                                                                                                                                    Start time:17:31:18
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x160,0x164,0x168,0x13c,0x1a0,0x7ffdfb318e88,0x7ffdfb318e98,0x7ffdfb318ea8
                                                                                                                                                                                                    Imagebase:0x7ff67d0c0000
                                                                                                                                                                                                    File size:3'749'328 bytes
                                                                                                                                                                                                    MD5 hash:9909D978B39FB7369F511D8506C17CA0
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:49
                                                                                                                                                                                                    Start time:17:31:18
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1710081883367231 --launch-time-ticks=6395273895 --mojo-platform-channel-handle=3444 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=MojoIpcz /prefetch:1
                                                                                                                                                                                                    Imagebase:0x7ff67d0c0000
                                                                                                                                                                                                    File size:3'749'328 bytes
                                                                                                                                                                                                    MD5 hash:9909D978B39FB7369F511D8506C17CA0
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:50
                                                                                                                                                                                                    Start time:17:31:19
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1710081883367231 --launch-time-ticks=6395660630 --mojo-platform-channel-handle=3580 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=MojoIpcz /prefetch:1
                                                                                                                                                                                                    Imagebase:0x7ff67d0c0000
                                                                                                                                                                                                    File size:3'749'328 bytes
                                                                                                                                                                                                    MD5 hash:9909D978B39FB7369F511D8506C17CA0
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:true

                                                                                                                                                                                                    General

                                                                                                                                                                                                    Target ID:52
                                                                                                                                                                                                    Start time:17:31:20
                                                                                                                                                                                                    Start date:10/03/2024
                                                                                                                                                                                                    Path:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                    Wow64 process (32bit):false
                                                                                                                                                                                                    Commandline:"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --disable-gpu-compositing --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1710081883367231 --launch-time-ticks=6396649396 --mojo-platform-channel-handle=3976 --field-trial-handle=1228,i,12600584099610770697,13500471582156680375,262144 --enable-features=MojoIpcz /prefetch:1
                                                                                                                                                                                                    Imagebase:0x7ff67d0c0000
                                                                                                                                                                                                    File size:3'749'328 bytes
                                                                                                                                                                                                    MD5 hash:9909D978B39FB7369F511D8506C17CA0
                                                                                                                                                                                                    Has elevated privileges:false
                                                                                                                                                                                                    Has administrator privileges:false
                                                                                                                                                                                                    Programmed in:C, C++ or other language
                                                                                                                                                                                                    Has exited:false

                                                                                                                                                                                                    Disassembly

                                                                                                                                                                                                    Reset < >

                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                      Execution Coverage:13.9%
                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                      Signature Coverage:27.6%
                                                                                                                                                                                                      Total number of Nodes:87
                                                                                                                                                                                                      Total number of Limit Nodes:7
                                                                                                                                                                                                      execution_graph 26468 63b9f78 26470 63b9fcd CreateFileA 26468->26470 26471 63ba08b 26470->26471 26475 48b3f71 26476 48b3f7b 26475->26476 26480 63ba338 26476->26480 26484 63ba348 26476->26484 26477 48b4025 26481 63ba35b 26480->26481 26482 63ba362 26480->26482 26481->26482 26488 63ba3b9 26481->26488 26482->26477 26485 63ba362 26484->26485 26486 63ba35b 26484->26486 26485->26477 26486->26485 26487 63ba3b9 12 API calls 26486->26487 26487->26485 26489 63ba3d5 26488->26489 26490 63ba3e5 26489->26490 26495 63bb7e3 26489->26495 26511 63bbeb0 26489->26511 26527 63bb7f0 26489->26527 26490->26482 26491 63ba411 26491->26482 26496 63bb7c0 26495->26496 26497 63bb7e7 26495->26497 26496->26491 26497->26496 26500 63bbeb0 12 API calls 26497->26500 26507 63bb128 WriteProcessMemory 26497->26507 26508 63bb127 WriteProcessMemory 26497->26508 26509 63baf88 Wow64SetThreadContext 26497->26509 26510 63baf90 Wow64SetThreadContext 26497->26510 26543 63bb2d0 26497->26543 26547 63bb2c4 26497->26547 26552 63bb710 26497->26552 26556 63bb708 26497->26556 26560 63bb060 26497->26560 26565 63bb068 26497->26565 26569 63baee0 26497->26569 26573 63baed8 26497->26573 26500->26497 26507->26497 26508->26497 26509->26497 26510->26497 26513 63bb811 26511->26513 26512 63bbe9f 26512->26491 26513->26512 26514 63baed8 ResumeThread 26513->26514 26515 63baee0 ResumeThread 26513->26515 26516 63bbeb0 12 API calls 26513->26516 26517 63bb2d0 CreateProcessA 26513->26517 26518 63bb2c4 CreateProcessA 26513->26518 26519 63bb068 VirtualAllocEx 26513->26519 26520 63bb060 VirtualAllocEx 26513->26520 26521 63bb708 ReadProcessMemory 26513->26521 26522 63bb710 ReadProcessMemory 26513->26522 26523 63bb128 WriteProcessMemory 26513->26523 26524 63bb127 WriteProcessMemory 26513->26524 26525 63baf88 Wow64SetThreadContext 26513->26525 26526 63baf90 Wow64SetThreadContext 26513->26526 26514->26513 26515->26513 26516->26513 26517->26513 26518->26513 26519->26513 26520->26513 26521->26513 26522->26513 26523->26513 26524->26513 26525->26513 26526->26513 26529 63bb811 26527->26529 26528 63bbe9f 26528->26491 26529->26528 26530 63baed8 ResumeThread 26529->26530 26531 63baee0 ResumeThread 26529->26531 26532 63bbeb0 12 API calls 26529->26532 26533 63bb2d0 CreateProcessA 26529->26533 26534 63bb2c4 CreateProcessA 26529->26534 26535 63bb068 VirtualAllocEx 26529->26535 26536 63bb060 VirtualAllocEx 26529->26536 26537 63bb708 ReadProcessMemory 26529->26537 26538 63bb710 ReadProcessMemory 26529->26538 26539 63bb128 WriteProcessMemory 26529->26539 26540 63bb127 WriteProcessMemory 26529->26540 26541 63baf88 Wow64SetThreadContext 26529->26541 26542 63baf90 Wow64SetThreadContext 26529->26542 26530->26529 26531->26529 26532->26529 26533->26529 26534->26529 26535->26529 26536->26529 26537->26529 26538->26529 26539->26529 26540->26529 26541->26529 26542->26529 26544 63bb359 CreateProcessA 26543->26544 26546 63bb51b 26544->26546 26546->26546 26548 63bb2a0 26547->26548 26549 63bb2c7 26547->26549 26548->26497 26549->26548 26550 63bb4be CreateProcessA 26549->26550 26551 63bb51b 26550->26551 26551->26551 26553 63bb75b ReadProcessMemory 26552->26553 26555 63bb79f 26553->26555 26555->26497 26557 63bb75b ReadProcessMemory 26556->26557 26559 63bb79f 26557->26559 26559->26497 26561 63bb03c 26560->26561 26562 63bb063 VirtualAllocEx 26560->26562 26561->26497 26564 63bb0e5 26562->26564 26564->26497 26566 63bb0a8 VirtualAllocEx 26565->26566 26568 63bb0e5 26566->26568 26568->26497 26570 63baf20 ResumeThread 26569->26570 26572 63baf51 26570->26572 26572->26497 26574 63baf20 ResumeThread 26573->26574 26576 63baf51 26574->26576 26576->26497 26472 63ba110 26473 63ba158 DuplicateHandle 26472->26473 26474 63ba1a5 26473->26474

                                                                                                                                                                                                      Executed Functions

                                                                                                                                                                                                      Function 048B71C0 Relevance: 16.1, Strings: 12, Instructions: 1144COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: ,bq$4$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
                                                                                                                                                                                                      • API String ID: 0-312445597
                                                                                                                                                                                                      • Opcode ID: 721b452ed2f72dd45a8603d50c4f71fe7cb366ca5f3e46e6b4ff8c529bf8014b
                                                                                                                                                                                                      • Instruction ID: 3d3b134d1c43e258ff71f33cf2adec8f8522654dd21d45fffe2988adeb604d93
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 721b452ed2f72dd45a8603d50c4f71fe7cb366ca5f3e46e6b4ff8c529bf8014b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 75B20934A002188FDB14DFA4C894BADB7B6FB88700F158999E545EB3A5DB70ED85CF90
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B74F7 Relevance: 8.0, Strings: 6, Instructions: 495COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: ,bq$4$$^q$$^q$$^q$$^q
                                                                                                                                                                                                      • API String ID: 0-2546334966
                                                                                                                                                                                                      • Opcode ID: c9368c3d4ab046e45389a25b1c8d8edba21be0c2a2a4c727ba48df3f6409d9df
                                                                                                                                                                                                      • Instruction ID: 26b38f0ddf239654f12dce280b0eba4de39add2202b448432fbbbbdfa4b83847
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c9368c3d4ab046e45389a25b1c8d8edba21be0c2a2a4c727ba48df3f6409d9df
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0A220A34A00619CFEB24DF64C994BA9B7B2FF88704F148599D509EB3A5DB70AD81CF90
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048BAC68 Relevance: 4.4, Strings: 3, Instructions: 668COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: (_^q$Pl^q$$^q
                                                                                                                                                                                                      • API String ID: 0-912065397
                                                                                                                                                                                                      • Opcode ID: 190d58dc04f5c7620fdfa7e4dcd77acd8c8e15bcb37f2dd8427911c978253c5c
                                                                                                                                                                                                      • Instruction ID: 2441799618391383cc3123e6f3ea0d8d9670c2d361fdf5bc5889c24f5e4057b6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 190d58dc04f5c7620fdfa7e4dcd77acd8c8e15bcb37f2dd8427911c978253c5c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8C426B30B006088FDB18DF29C588AAE77E2FF89704B1589A9D546CB765DB71FC42CB91
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 063B7358 Relevance: 3.3, Strings: 2, Instructions: 823COMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 1407 63b7358-63b736e 1408 63b7389-63b7395 1407->1408 1409 63b7370-63b7387 1407->1409 1410 63b73af-63b73ce 1408->1410 1411 63b7397-63b73ac 1408->1411 1409->1410 1413 63b73d0-63b73e0 1410->1413 1414 63b7417-63b741b 1410->1414 1411->1410 1415 63b73e8-63b73ee 1413->1415 1416 63b73e2 1413->1416 1417 63b743d-63b7443 1414->1417 1418 63b741d-63b7421 1414->1418 1415->1414 1416->1414 1420 63b73e4-63b73e6 1416->1420 1422 63b744b-63b7451 1417->1422 1423 63b7445-63b7449 1417->1423 1418->1417 1421 63b7423-63b743b 1418->1421 1420->1414 1420->1415 1421->1417 1426 63b73f0-63b7400 1421->1426 1423->1422 1424 63b7454-63b74ac 1423->1424 1432 63b752e-63b7587 1424->1432 1433 63b74b2-63b74bf 1424->1433 1426->1414 1428 63b7402-63b7414 1426->1428 1428->1414 1448 63b7648-63b7680 1432->1448 1449 63b758d-63b7593 1432->1449 1436 63b74c1-63b74cc 1433->1436 1437 63b74d6-63b74da 1433->1437 1441 63b74d1-63b74d4 1436->1441 1439 63b74dc-63b7500 1437->1439 1440 63b7502 1437->1440 1439->1440 1442 63b750b-63b752b 1439->1442 1440->1442 1441->1442 1464 63b761b 1448->1464 1467 63b7682-63b76a9 1448->1467 1450 63b75bd-63b75ce 1449->1450 1451 63b7595-63b7598 1449->1451 1457 63b75d0 1450->1457 1458 63b75d6-63b75da 1450->1458 1452 63b759a-63b75bc 1451->1452 1453 63b7613 1451->1453 1456 63b7617-63b761a 1453->1456 1456->1464 1460 63b75e2-63b7612 1457->1460 1461 63b75d2-63b75d4 1457->1461 1458->1460 1461->1458 1461->1460 1464->1456 1465 63b761d-63b7641 1464->1465 1465->1448 1471 63b76ab-63b76d2 1467->1471 1472 63b76d3-63b7721 1467->1472 1478 63b7723-63b772c call 63b7358 1472->1478 1479 63b7731-63b7735 1472->1479 1478->1479 1480 63b774b-63b775c 1479->1480 1481 63b7737-63b7746 1479->1481 1484 63b7c5a-63b7c7a 1480->1484 1485 63b7762-63b7777 1480->1485 1483 63b7ae0-63b7ae7 1481->1483 1492 63b7c7c-63b7c80 1484->1492 1493 63b7c93-63b7cde 1484->1493 1486 63b7779-63b777e 1485->1486 1487 63b7783-63b7796 1485->1487 1486->1483 1488 63b7ae8-63b7b06 1487->1488 1489 63b779c-63b77a8 1487->1489 1501 63b7b0d-63b7b2b 1488->1501 1489->1484 1491 63b77ae-63b77e5 1489->1491 1494 63b77f1-63b77f5 1491->1494 1495 63b77e7-63b77ec 1491->1495 1497 63b7c82-63b7c8d 1492->1497 1498 63b7c90-63b7c92 1492->1498 1523 63b7ced-63b7cf2 1493->1523 1524 63b7ce0-63b7cec 1493->1524 1500 63b77fb-63b7807 1494->1500 1494->1501 1495->1483 1497->1498 1500->1484 1503 63b780d-63b7844 1500->1503 1511 63b7b32-63b7b50 1501->1511 1507 63b7850-63b7854 1503->1507 1508 63b7846-63b784b 1503->1508 1510 63b785a-63b7866 1507->1510 1507->1511 1508->1483 1510->1484 1514 63b786c-63b78a3 1510->1514 1519 63b7b57-63b7b75 1511->1519 1515 63b78af-63b78b3 1514->1515 1516 63b78a5-63b78aa 1514->1516 1518 63b78b9-63b78c5 1515->1518 1515->1519 1516->1483 1518->1484 1522 63b78cb-63b7902 1518->1522 1534 63b7b7c-63b7b9a 1519->1534 1526 63b790e-63b7912 1522->1526 1527 63b7904-63b7909 1522->1527 1529 63b7d30-63b7d34 1523->1529 1530 63b7cf4-63b7cf7 1523->1530 1533 63b7918-63b7924 1526->1533 1526->1534 1527->1483 1531 63b7d25-63b7d2e 1530->1531 1531->1529 1538 63b7cf9-63b7d0d 1531->1538 1533->1484 1537 63b792a-63b7961 1533->1537 1544 63b7ba1-63b7bbf 1534->1544 1539 63b796d-63b7971 1537->1539 1540 63b7963-63b7968 1537->1540 1546 63b7d0f-63b7d23 call 63b6118 1538->1546 1547 63b7d24 1538->1547 1539->1544 1545 63b7977-63b7983 1539->1545 1540->1483 1556 63b7bc6-63b7be4 1544->1556 1545->1484 1548 63b7989-63b79c0 1545->1548 1547->1531 1552 63b79cc-63b79d0 1548->1552 1553 63b79c2-63b79c7 1548->1553 1552->1556 1557 63b79d6-63b79e2 1552->1557 1553->1483 1563 63b7beb-63b7c09 1556->1563 1557->1484 1559 63b79e8-63b7a1f 1557->1559 1560 63b7a2b-63b7a2f 1559->1560 1561 63b7a21-63b7a26 1559->1561 1560->1563 1564 63b7a35-63b7a41 1560->1564 1561->1483 1573 63b7c10-63b7c2e 1563->1573 1564->1484 1566 63b7a47-63b7a7e 1564->1566 1569 63b7a80-63b7a85 1566->1569 1570 63b7a87-63b7a8b 1566->1570 1569->1483 1572 63b7a91-63b7a9a 1570->1572 1570->1573 1572->1484 1575 63b7aa0-63b7ad5 1572->1575 1577 63b7c35-63b7c53 1573->1577 1576 63b7adb 1575->1576 1575->1577 1576->1483 1577->1484
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2098311877.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_63b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: (bq$(bq
                                                                                                                                                                                                      • API String ID: 0-4224401849
                                                                                                                                                                                                      • Opcode ID: 7e36c816ea561cceac53e18c9615cfef286a7fe762463581bcfb0f6b78358be3
                                                                                                                                                                                                      • Instruction ID: d0c42302b2981ea1d80e884b9fff206ed30c87e23a38820c71e4affce19a7e10
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7e36c816ea561cceac53e18c9615cfef286a7fe762463581bcfb0f6b78358be3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F2628974B006158FCB55DF69C4946AEBBF2FF88301F248969D65AD7B81CB34E906CB80
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280C508 Relevance: 1.7, Strings: 1, Instructions: 472COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: LR^q
                                                                                                                                                                                                      • API String ID: 0-2625958711
                                                                                                                                                                                                      • Opcode ID: ee3276680817d20cadbbce840f2ac818f96d270f080cae64cc79396295d0ef77
                                                                                                                                                                                                      • Instruction ID: e1773df35b4ff5abee6be48953a5f2cf17ea259742cd2ffb5b565f46554f1874
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ee3276680817d20cadbbce840f2ac818f96d270f080cae64cc79396295d0ef77
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AF127C79E00619CFDB14DF69D884AADBBF2FF88305F15866AD006EB394DB749941CB80
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280C4F8 Relevance: 1.5, Strings: 1, Instructions: 267COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: LR^q
                                                                                                                                                                                                      • API String ID: 0-2625958711
                                                                                                                                                                                                      • Opcode ID: 8c7cfddb94baa96b498a9a628e9b461c6739e39bd41b1592922ac41438c1a86b
                                                                                                                                                                                                      • Instruction ID: 2effd4978f3ee5fded33281e1591e07316eddea8d33f5267dcaa788c52854db6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8c7cfddb94baa96b498a9a628e9b461c6739e39bd41b1592922ac41438c1a86b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E2B19D35A016198FEB04DF7ADC806ADB7B3BFC8305F15C669D406AB394DB34A902CB91
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280C542 Relevance: 1.5, Strings: 1, Instructions: 258COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: LR^q
                                                                                                                                                                                                      • API String ID: 0-2625958711
                                                                                                                                                                                                      • Opcode ID: 01e5be58c0cef8f6030975e13a47eb2e8121bd3b8f509392f7c7ea039132e1b8
                                                                                                                                                                                                      • Instruction ID: 04c81b116d379669c103c2819a467ac57b56d5388118d27b9a4078d958293631
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 01e5be58c0cef8f6030975e13a47eb2e8121bd3b8f509392f7c7ea039132e1b8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 86A17E35A016198FEB04DF7ADC806ADB7B3BFC8305F158669D406AB394DB34A942CB91
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 063BB7E3 Relevance: .5, Instructions: 538COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2098311877.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_63b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 39fefbb65e17f0440f0fb112f3e9bb68f026d2209b37b836a7745278f08186c1
                                                                                                                                                                                                      • Instruction ID: 0a3712390030bff2884a64f84d0a588ed6e42ee118999b3b45b6a4529225262d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 39fefbb65e17f0440f0fb112f3e9bb68f026d2209b37b836a7745278f08186c1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 25128231F005199FDB18DB79C850BAEB7E2EFC8740F248559E906AB395DE31DD068B81
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 063BB7F0 Relevance: .5, Instructions: 523COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2098311877.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_63b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: fb54d998573310245d7fbe58c0442c4f50277a5068df733708995af310b97115
                                                                                                                                                                                                      • Instruction ID: aac5b7509977907d536043f1a84c0e89d4490e53b5dd7603573d650fc8bd87ff
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fb54d998573310245d7fbe58c0442c4f50277a5068df733708995af310b97115
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C0128230F006199FDB18DF79C850BAEB7E2AFC8740F248559E906AB395DE31DD068B81
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280D318 Relevance: .2, Instructions: 246COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 299b22bb557e4f6d58bc724b88c3a62a04441cdc2eed3ff9455c90441067e45f
                                                                                                                                                                                                      • Instruction ID: 2cc7cbed759e2997c58daada1fd453a77297ef42041637e3033ffe13519b6f93
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 299b22bb557e4f6d58bc724b88c3a62a04441cdc2eed3ff9455c90441067e45f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 28916E36B105158FD754DBA9CC84A5EB7E3EFC8715F1A81A4E409DB3A9DE74AC02CB80
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 028036F8 Relevance: .2, Instructions: 238COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: aaa76cd7989c747f2f674f51f0984f1386a220aad1c7d7083d7095ab363f70d6
                                                                                                                                                                                                      • Instruction ID: a962cff093b61aba0422ab6203100e389beb61a4cea79878be4a40ba2575ec72
                                                                                                                                                                                                      • Opcode Fuzzy Hash: aaa76cd7989c747f2f674f51f0984f1386a220aad1c7d7083d7095ab363f70d6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2D913A7D6086458FD7628B68CC94765BBB2EB82314F1845FAC045CB6D6C778D885CF41
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280B479 Relevance: .2, Instructions: 195COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 47983b466e05331fc9e8e23516202a32ce10c7799324d6b265d2b38f072ead7e
                                                                                                                                                                                                      • Instruction ID: 3fa64e9f0532067ce449aa1d6ec56787cb76eccd7c5bc75195e15370ff0c11b9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 47983b466e05331fc9e8e23516202a32ce10c7799324d6b265d2b38f072ead7e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FB71A93CA00508DFE784DB69D898BAE77E3EB89319F1884B5D106D76E9CB745D81CB01
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280EA90 Relevance: 5.3, Strings: 4, Instructions: 315COMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 639 280ea90-280eaf1 644 280eaf3-280eaf7 639->644 645 280eafd-280eb11 639->645 644->645 647 280eb1f-280eb2a 645->647 649 280eb13-280eb16 647->649 649->647 650 280eb18 649->650 650->647 651 280eba0-280eba3 650->651 652 280ebe2-280ebf6 650->652 653 280ed82-280ed92 650->653 654 280eb43-280eb53 650->654 655 280eee8-280eeed 650->655 656 280eb2c-280eb41 650->656 657 280eb8e-280eb90 650->657 658 280ed6e-280ed80 650->658 659 280eb71-280eb8c 650->659 660 280ed94-280edad 650->660 661 280eb55-280eb5a 650->661 662 280ec17 650->662 663 280ebfb-280ec12 650->663 664 280eedb-280eede 650->664 665 280eb5c-280eb6f 650->665 666 280eebe-280eed9 call 2800198 650->666 670 280eba9-280ebbc 651->670 671 280ef4d-280ef5d 651->671 652->649 692 280ed47-280ed4a 653->692 654->649 737 280eeee call 280f288 655->737 738 280eeee call 280f278 655->738 656->649 667 280eb96-280eb9b 657->667 668 280ec18-280ec1b 657->668 658->692 659->649 686 280edb3 660->686 687 280edaf-280edb1 660->687 661->649 662->668 663->649 669 280eedf-280eee6 664->669 665->649 678 280eea5-280eea8 666->678 667->649 668->651 685 280ec1d-280ec6c call 2800188 668->685 669->678 670->671 679 280ebc2-280ebce 670->679 671->669 688 280eeb1-280eebc 678->688 689 280eeaa 678->689 679->671 691 280ebd4-280ebdd 679->691 680 280eef4-280eeff 680->678 713 280ec78-280ece7 685->713 714 280ec6e-280ec72 685->714 694 280edb8-280edba 686->694 687->694 688->678 689->655 689->664 689->666 689->688 695 280ef33-280ef4c 689->695 691->649 697 280ed3c 692->697 698 280ed4c 692->698 701 280edc5 694->701 702 280edbc 694->702 697->692 698->653 698->655 698->658 698->660 698->664 698->666 698->695 704 280ed53-280ed67 698->704 701->678 702->701 704->658 723 280ece9-280ecfc 713->723 724 280ecfe-280ed11 713->724 714->713 727 280ed33 723->727 730 280ed13-280ed18 724->730 731 280ed1a 724->731 735 280ed33 call 280f050 727->735 736 280ed33 call 280f041 727->736 729 280ed39 729->697 732 280ed1c-280ed1e 730->732 731->732 732->704 733 280ed20-280ed31 732->733 733->727 735->729 736->729 737->680 738->680
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: @$TJcq$TJcq$Te^q
                                                                                                                                                                                                      • API String ID: 0-2400496369
                                                                                                                                                                                                      • Opcode ID: b3b4980165284724cd0e60f48ede4eb66c4d9e6dde689633e350cd1a2e2c2a4b
                                                                                                                                                                                                      • Instruction ID: 34b14045789ec927880dcc42c9ff3de885c671a5709ae2392d2b6e7cbe0562e2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b3b4980165284724cd0e60f48ede4eb66c4d9e6dde689633e350cd1a2e2c2a4b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AAC14C38B041088FDB54DF68D894B6EBBF2EF89714F1584A9E506EB3E1DA30AC45CB51
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B1C08 Relevance: 5.2, Strings: 4, Instructions: 204COMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 739 48b1c08-48b1c3c 743 48b1cb8-48b1cc0 739->743 744 48b1c43-48b1c46 743->744 745 48b1c66-48b1c6b 744->745 746 48b1c4d-48b1c56 745->746 747 48b1c58 746->747 748 48b1c5f-48b1c64 746->748 747->743 747->744 747->745 747->748 749 48b1c48-48b1c4b 747->749 750 48b1d48-48b1d4d 747->750 751 48b1c6d-48b1c75 747->751 752 48b1c82-48b1c88 747->752 753 48b1ca2-48b1ca8 747->753 754 48b1cc2-48b1cc4 747->754 755 48b1c98-48b1ca0 747->755 756 48b1c3e-48b1c41 747->756 757 48b1d1c-48b1d43 747->757 758 48b1cd4-48b1d17 747->758 748->746 749->748 763 48b1d51-48b1d53 750->763 764 48b1c7e-48b1c80 751->764 765 48b1c77 751->765 766 48b1c8a 752->766 767 48b1c91-48b1c96 752->767 759 48b1caa 753->759 760 48b1cb1-48b1cb6 753->760 761 48b1cca-48b1ccf 754->761 762 48b1d4f 754->762 755->749 756->755 757->756 758->756 759->750 759->754 759->757 759->758 759->760 760->744 761->756 762->763 770 48b1d77-48b1dce 763->770 771 48b1d55-48b1d75 763->771 764->746 765->743 765->744 765->750 765->752 765->753 765->754 765->755 765->756 765->757 765->758 765->764 766->743 766->750 766->753 766->754 766->756 766->757 766->758 766->767 767->749 787 48b1dd0-48b1dd6 770->787 788 48b1de6-48b1e1b 770->788 771->770 789 48b1dda-48b1ddc 787->789 790 48b1dd8 787->790 795 48b1e23-48b1e75 788->795 789->788 790->788 801 48b1e8d-48b1e94 795->801 802 48b1e77-48b1e7d 795->802 803 48b1e7f 802->803 804 48b1e81-48b1e83 802->804 803->801 804->801
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: d%dq$d%dq$$^q$$^q
                                                                                                                                                                                                      • API String ID: 0-141320698
                                                                                                                                                                                                      • Opcode ID: 745bd4096953d74ac147e5598dec5ea223c486c286ba11ddea08ba30f6609c1d
                                                                                                                                                                                                      • Instruction ID: 4987cce042becb64bf097f39c72d21ec05d605ba46d47b9d14104d7f598a6efe
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 745bd4096953d74ac147e5598dec5ea223c486c286ba11ddea08ba30f6609c1d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0B513530B046088FC758AA788CB877A66D7AB85790F244E7AD546DF3D4EE31EC4143D2
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048BD138 Relevance: 4.2, Strings: 3, Instructions: 478COMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 1036 48bd138-48bd160 1038 48bd1ae-48bd1bc 1036->1038 1039 48bd162-48bd1a9 1036->1039 1040 48bd1cb 1038->1040 1041 48bd1be-48bd1c9 call 48baf28 1038->1041 1087 48bd605-48bd60c 1039->1087 1043 48bd1cd-48bd1d4 1040->1043 1041->1043 1046 48bd1da-48bd1de 1043->1046 1047 48bd2bd-48bd2c1 1043->1047 1050 48bd60d-48bd635 1046->1050 1051 48bd1e4-48bd1e8 1046->1051 1048 48bd2c3-48bd2d2 call 48b9268 1047->1048 1049 48bd317-48bd321 1047->1049 1064 48bd2d6-48bd2db 1048->1064 1056 48bd35a-48bd380 1049->1056 1057 48bd323-48bd332 call 48b87d8 1049->1057 1060 48bd63c-48bd666 1050->1060 1054 48bd1fa-48bd258 call 48bac68 call 48bb6d0 1051->1054 1055 48bd1ea-48bd1f4 1051->1055 1096 48bd6cb-48bd6f5 1054->1096 1097 48bd25e-48bd2b8 1054->1097 1055->1054 1055->1060 1083 48bd38d 1056->1083 1084 48bd382-48bd38b 1056->1084 1068 48bd338-48bd355 1057->1068 1069 48bd66e-48bd684 1057->1069 1060->1069 1071 48bd2dd-48bd312 call 48bcc00 1064->1071 1072 48bd2d4 1064->1072 1068->1087 1098 48bd68c-48bd6c4 1069->1098 1071->1087 1072->1064 1089 48bd38f-48bd3b7 1083->1089 1084->1089 1101 48bd488-48bd48c 1089->1101 1102 48bd3bd-48bd3d6 1089->1102 1106 48bd6ff-48bd705 1096->1106 1107 48bd6f7-48bd6fd 1096->1107 1097->1087 1098->1096 1108 48bd48e-48bd4a7 1101->1108 1109 48bd506-48bd510 1101->1109 1102->1101 1127 48bd3dc-48bd3eb call 48b8200 1102->1127 1107->1106 1113 48bd706-48bd743 1107->1113 1108->1109 1131 48bd4a9-48bd4b8 call 48b8200 1108->1131 1111 48bd56d-48bd576 1109->1111 1112 48bd512-48bd51c 1109->1112 1117 48bd578-48bd5a6 call 48ba460 call 48ba480 1111->1117 1118 48bd5ae-48bd5fb 1111->1118 1128 48bd51e-48bd520 1112->1128 1129 48bd522-48bd534 1112->1129 1117->1118 1137 48bd603 1118->1137 1146 48bd3ed-48bd3f3 1127->1146 1147 48bd403-48bd418 1127->1147 1134 48bd536-48bd538 1128->1134 1129->1134 1153 48bd4ba-48bd4c0 1131->1153 1154 48bd4d0-48bd4db 1131->1154 1142 48bd53a-48bd53e 1134->1142 1143 48bd566-48bd56b 1134->1143 1137->1087 1149 48bd55c-48bd561 call 48b7000 1142->1149 1150 48bd540-48bd559 1142->1150 1143->1111 1143->1112 1155 48bd3f7-48bd3f9 1146->1155 1156 48bd3f5 1146->1156 1159 48bd41a-48bd446 call 48b96b0 1147->1159 1160 48bd44c-48bd455 1147->1160 1149->1143 1150->1149 1164 48bd4c2 1153->1164 1165 48bd4c4-48bd4c6 1153->1165 1154->1096 1166 48bd4e1-48bd504 1154->1166 1155->1147 1156->1147 1159->1098 1159->1160 1160->1096 1163 48bd45b-48bd482 1160->1163 1163->1101 1163->1127 1164->1154 1165->1154 1166->1109 1166->1131
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: Hbq$Hbq$Hbq
                                                                                                                                                                                                      • API String ID: 0-2297679979
                                                                                                                                                                                                      • Opcode ID: a30f4e9427614beda7b6a6697ca6ac1007cedb8d2c984fe3c214dc726f1ba15b
                                                                                                                                                                                                      • Instruction ID: 4e08db3cb295956e1096a2870eb65b402cb337229706dd5384331edfdcf65997
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a30f4e9427614beda7b6a6697ca6ac1007cedb8d2c984fe3c214dc726f1ba15b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 60124D31A006049FDB25DFA8C4846AEB7F2FF84304F148A69D546DB395DB75EC4ACB90
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048BEDE8 Relevance: 4.1, Strings: 3, Instructions: 370COMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 1178 48bede8-48bee25 1180 48bee47-48bee5d call 48bebf0 1178->1180 1181 48bee27-48bee2a 1178->1181 1187 48bf1d3-48bf1e7 1180->1187 1188 48bee63-48bee6f 1180->1188 1292 48bee2c call 48bf758 1181->1292 1293 48bee2c call 48bf6f0 1181->1293 1184 48bee32-48bee34 1184->1180 1185 48bee36-48bee3e 1184->1185 1185->1180 1197 48bf227-48bf230 1187->1197 1189 48befa0-48befa7 1188->1189 1190 48bee75-48bee78 1188->1190 1193 48befad-48befb6 1189->1193 1194 48bf0d6-48bf1ca call 48be5f8 * 2 1189->1194 1191 48bee7b-48bee84 1190->1191 1195 48bee8a-48bee9e 1191->1195 1196 48bf2c8 1191->1196 1193->1194 1199 48befbc-48bf0c8 call 48be5f8 call 48beb88 call 48be5f8 1193->1199 1194->1187 1211 48bef90-48bef9a 1195->1211 1212 48beea4-48bef39 call 48bebf0 * 2 call 48be5f8 call 48beb88 call 48bec30 call 48becd8 call 48bed40 1195->1212 1200 48bf2cd-48bf2d1 1196->1200 1201 48bf232-48bf239 1197->1201 1202 48bf1f5-48bf1fe 1197->1202 1289 48bf0ca 1199->1289 1290 48bf0d3-48bf0d4 1199->1290 1205 48bf2dc 1200->1205 1206 48bf2d3 1200->1206 1208 48bf23b-48bf27e call 48be5f8 1201->1208 1209 48bf287-48bf28e 1201->1209 1202->1196 1204 48bf204-48bf216 1202->1204 1223 48bf218-48bf21d 1204->1223 1224 48bf226 1204->1224 1220 48bf2dd 1205->1220 1206->1205 1208->1209 1213 48bf2b3-48bf2c6 1209->1213 1214 48bf290-48bf2a0 1209->1214 1211->1189 1211->1191 1270 48bef3b-48bef53 call 48becd8 call 48be5f8 call 48be8a8 1212->1270 1271 48bef58-48bef8b call 48bed40 1212->1271 1213->1200 1214->1213 1230 48bf2a2-48bf2aa 1214->1230 1220->1220 1294 48bf220 call 63b1890 1223->1294 1295 48bf220 call 63b1910 1223->1295 1296 48bf220 call 63b1900 1223->1296 1224->1197 1230->1213 1270->1271 1271->1211 1289->1290 1290->1194 1292->1184 1293->1184 1294->1224 1295->1224 1296->1224
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: 4'^q$4'^q$4'^q
                                                                                                                                                                                                      • API String ID: 0-1196845430
                                                                                                                                                                                                      • Opcode ID: fc9119d7c330c7e2abe660d11fadcd56bf57bf59a78d2ad53129cf319169e757
                                                                                                                                                                                                      • Instruction ID: f33504bfeea19ba015f7165275d2e3fa277f8ffb9d67d9118c7096c9535b0530
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fc9119d7c330c7e2abe660d11fadcd56bf57bf59a78d2ad53129cf319169e757
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 61F1FB34A00118CFDB04EFA8D994A9DB7B2FF88304F118655E946AB3A5DB71FC46CB91
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B1BF8 Relevance: 3.9, Strings: 3, Instructions: 198COMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 1297 48b1bf8-48b1c3c 1302 48b1cb8-48b1cc0 1297->1302 1303 48b1c43-48b1c46 1302->1303 1304 48b1c66-48b1c6b 1303->1304 1305 48b1c4d-48b1c56 1304->1305 1306 48b1c58 1305->1306 1307 48b1c5f-48b1c64 1305->1307 1306->1302 1306->1303 1306->1304 1306->1307 1308 48b1c48-48b1c4b 1306->1308 1309 48b1d48-48b1d4d 1306->1309 1310 48b1c6d-48b1c75 1306->1310 1311 48b1c82-48b1c88 1306->1311 1312 48b1ca2-48b1ca8 1306->1312 1313 48b1cc2-48b1cc4 1306->1313 1314 48b1c98-48b1ca0 1306->1314 1315 48b1c3e-48b1c41 1306->1315 1316 48b1d1c-48b1d43 1306->1316 1317 48b1cd4-48b1d17 1306->1317 1307->1305 1308->1307 1322 48b1d51-48b1d53 1309->1322 1323 48b1c7e-48b1c80 1310->1323 1324 48b1c77 1310->1324 1325 48b1c8a 1311->1325 1326 48b1c91-48b1c96 1311->1326 1318 48b1caa 1312->1318 1319 48b1cb1-48b1cb6 1312->1319 1320 48b1cca-48b1ccf 1313->1320 1321 48b1d4f 1313->1321 1314->1308 1315->1314 1316->1315 1317->1315 1318->1309 1318->1313 1318->1316 1318->1317 1318->1319 1319->1303 1320->1315 1321->1322 1329 48b1d77-48b1dce 1322->1329 1330 48b1d55-48b1d75 1322->1330 1323->1305 1324->1302 1324->1303 1324->1309 1324->1311 1324->1312 1324->1313 1324->1314 1324->1315 1324->1316 1324->1317 1324->1323 1325->1302 1325->1309 1325->1312 1325->1313 1325->1315 1325->1316 1325->1317 1325->1326 1326->1308 1346 48b1dd0-48b1dd6 1329->1346 1347 48b1de6-48b1e1b 1329->1347 1330->1329 1348 48b1dda-48b1ddc 1346->1348 1349 48b1dd8 1346->1349 1354 48b1e23-48b1e75 1347->1354 1348->1347 1349->1347 1360 48b1e8d-48b1e94 1354->1360 1361 48b1e77-48b1e7d 1354->1361 1362 48b1e7f 1361->1362 1363 48b1e81-48b1e83 1361->1363 1362->1360 1363->1360
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: d%dq$d%dq$$^q
                                                                                                                                                                                                      • API String ID: 0-3870310762
                                                                                                                                                                                                      • Opcode ID: 76203f6b2e5453485342d075ec5ed901bd257b3e8472a06f8c81256d73d3d7ff
                                                                                                                                                                                                      • Instruction ID: 9581a12f397b9434f5686fc1af4a20fe859aa2858811fc151e55b0b5346e05d9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 76203f6b2e5453485342d075ec5ed901bd257b3e8472a06f8c81256d73d3d7ff
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7D512630B006088FC759AA788CB477A7AD7AB85790F254A7AD546DF3D4EE31EC0583D2
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280C1B0 Relevance: 3.8, Strings: 3, Instructions: 72COMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 1364 280c1b0-280c254 1379 280c25f-280c267 1364->1379 1380 280c272-280c2c2 1379->1380
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: fcq$ fcq$4'^q
                                                                                                                                                                                                      • API String ID: 0-259698777
                                                                                                                                                                                                      • Opcode ID: 3ce48c0fd639d6c73b750e1f9d5b38b22fc66c3715b705fc8e233d68aa7c43fa
                                                                                                                                                                                                      • Instruction ID: 60a8979b2d6e59f7311bc2c3fdfb9a8d9fa9eeaecad6ca6c1e3aacb16120ec8e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3ce48c0fd639d6c73b750e1f9d5b38b22fc66c3715b705fc8e233d68aa7c43fa
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8C314C3090060ADFDB44EFA4D8506AEB7F6FF84300F5045A9D415AB3A4DF765E49CB52
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280C1C0 Relevance: 3.8, Strings: 3, Instructions: 68COMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 1386 280c1c0-280c254 1400 280c25f-280c267 1386->1400 1401 280c272-280c2c2 1400->1401
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: fcq$ fcq$4'^q
                                                                                                                                                                                                      • API String ID: 0-259698777
                                                                                                                                                                                                      • Opcode ID: ac1c6b2d3ae565a263089d1f68b4e205c1167902642d9840e9668d8e9f4c5b96
                                                                                                                                                                                                      • Instruction ID: cae039606723194f9e0aa5c0246b4d35a2e3874f5c469bd11539e4dfe84a334f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ac1c6b2d3ae565a263089d1f68b4e205c1167902642d9840e9668d8e9f4c5b96
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4E216D30A0060ACFCF04EFA8D8506AEB7F6FB84300F5045A9D415AB3A4DF765A09CB52
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B9949 Relevance: 3.0, Strings: 2, Instructions: 484COMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 1738 48b9949-48b9984 1740 48b998d-48b9992 call 48b96e8 1738->1740 1741 48b9986 1738->1741 1743 48b9997-48b99a0 1740->1743 1741->1740 1744 48b99a6-48b99b9 1743->1744 1745 48b9ae4-48b9aeb 1743->1745 1755 48b99bb-48b99c2 1744->1755 1756 48b99c7-48b99e1 1744->1756 1746 48b9af1-48b9b06 1745->1746 1747 48b9d85-48b9d8c 1745->1747 1760 48b9b08-48b9b0a 1746->1760 1761 48b9b26-48b9b2c 1746->1761 1748 48b9dfb-48b9e02 1747->1748 1749 48b9d8e-48b9d97 1747->1749 1751 48b9e08-48b9e11 1748->1751 1752 48b9e9e-48b9ea5 1748->1752 1749->1748 1754 48b9d99-48b9dac 1749->1754 1751->1752 1757 48b9e17-48b9e2a 1751->1757 1758 48b9ec1-48b9ec7 1752->1758 1759 48b9ea7-48b9eb8 1752->1759 1754->1748 1776 48b9dae-48b9df3 call 48b6a30 1754->1776 1762 48b9add 1755->1762 1771 48b99e8-48b99f5 1756->1771 1772 48b99e3-48b99e6 1756->1772 1781 48b9e3d-48b9e41 1757->1781 1782 48b9e2c-48b9e3b 1757->1782 1766 48b9ed9-48b9ee2 1758->1766 1767 48b9ec9-48b9ecf 1758->1767 1759->1758 1783 48b9eba 1759->1783 1760->1761 1764 48b9b0c-48b9b23 1760->1764 1768 48b9b32-48b9b34 1761->1768 1769 48b9bf4-48b9bf8 1761->1769 1762->1745 1764->1761 1777 48b9ed1-48b9ed7 1767->1777 1778 48b9ee5-48b9f5a 1767->1778 1768->1769 1770 48b9b3a-48b9bbb call 48b6a30 * 4 1768->1770 1769->1747 1773 48b9bfe-48b9c00 1769->1773 1845 48b9bbd-48b9bcf call 48b6a30 1770->1845 1846 48b9bd2-48b9bf1 call 48b6a30 1770->1846 1779 48b99f7-48b9a0b 1771->1779 1772->1779 1773->1747 1780 48b9c06-48b9c0f 1773->1780 1776->1748 1814 48b9df5-48b9df8 1776->1814 1777->1766 1777->1778 1852 48b9f68 1778->1852 1853 48b9f5c-48b9f66 1778->1853 1779->1762 1813 48b9a11-48b9a65 1779->1813 1788 48b9d62-48b9d68 1780->1788 1789 48b9e43-48b9e45 1781->1789 1790 48b9e61-48b9e63 1781->1790 1782->1781 1783->1758 1793 48b9d7b 1788->1793 1794 48b9d6a-48b9d79 1788->1794 1789->1790 1797 48b9e47-48b9e5e 1789->1797 1790->1752 1792 48b9e65-48b9e6b 1790->1792 1792->1752 1799 48b9e6d-48b9e9b 1792->1799 1802 48b9d7d-48b9d7f 1793->1802 1794->1802 1797->1790 1799->1752 1802->1747 1806 48b9c14-48b9c22 call 48b8200 1802->1806 1820 48b9c3a-48b9c54 1806->1820 1821 48b9c24-48b9c2a 1806->1821 1855 48b9a73-48b9a77 1813->1855 1856 48b9a67-48b9a69 1813->1856 1814->1748 1820->1788 1830 48b9c5a-48b9c5e 1820->1830 1824 48b9c2e-48b9c30 1821->1824 1825 48b9c2c 1821->1825 1824->1820 1825->1820 1832 48b9c7f 1830->1832 1833 48b9c60-48b9c69 1830->1833 1838 48b9c82-48b9c9c 1832->1838 1836 48b9c6b-48b9c6e 1833->1836 1837 48b9c70-48b9c73 1833->1837 1841 48b9c7d 1836->1841 1837->1841 1838->1788 1860 48b9ca2-48b9d23 call 48b6a30 * 4 1838->1860 1841->1838 1845->1846 1846->1769 1858 48b9f6d-48b9f6f 1852->1858 1853->1858 1855->1762 1859 48b9a79-48b9a91 1855->1859 1856->1855 1861 48b9f71-48b9f74 1858->1861 1862 48b9f76-48b9f7b 1858->1862 1859->1762 1866 48b9a93-48b9a9f 1859->1866 1886 48b9d3a-48b9d60 call 48b6a30 1860->1886 1887 48b9d25-48b9d37 call 48b6a30 1860->1887 1864 48b9f81-48b9fae 1861->1864 1862->1864 1869 48b9aae-48b9ab4 1866->1869 1870 48b9aa1-48b9aa4 1866->1870 1871 48b9abc-48b9ac5 1869->1871 1872 48b9ab6-48b9ab9 1869->1872 1870->1869 1874 48b9ac7-48b9aca 1871->1874 1875 48b9ad4-48b9ada 1871->1875 1872->1871 1874->1875 1875->1762 1886->1747 1886->1788 1887->1886
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: $^q$$^q
                                                                                                                                                                                                      • API String ID: 0-355816377
                                                                                                                                                                                                      • Opcode ID: ccf1a4e57e30b544e3781b79ae8257426544a1af0abb90f560f66a0120c67206
                                                                                                                                                                                                      • Instruction ID: 964e3b08f62115789f5ae36053117aa6e3bae88999c84c04765824d8b36756c4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ccf1a4e57e30b544e3781b79ae8257426544a1af0abb90f560f66a0120c67206
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 04127A70E006198FEB15DFA4D844AEDBBB1FF48700F148A54E981E7394DB78AE46CB91
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 04920078 Relevance: 2.9, Strings: 2, Instructions: 365COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083483778.0000000004920000.00000040.00000800.00020000.00000000.sdmp, Offset: 04920000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4920000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: 4'^q$4'^q
                                                                                                                                                                                                      • API String ID: 0-2697143702
                                                                                                                                                                                                      • Opcode ID: 9b885f32a65bb600683f9895d841c7d0a15b9595c082b00e4937a90994455a5f
                                                                                                                                                                                                      • Instruction ID: ce25ee1f725a2e5abcbf3cf61f65f1327f2e6b41df468b247625dd9e2e7c43e3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9b885f32a65bb600683f9895d841c7d0a15b9595c082b00e4937a90994455a5f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D6B1D421F402358BEB350A65461873F65DE9BC4B40B184D7ACB46E734CFFA5EC958392
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048BC7E8 Relevance: 2.8, Strings: 2, Instructions: 338COMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 2052 48bc7e8-48bc7fa 2053 48bc7fc-48bc81d 2052->2053 2054 48bc824-48bc828 2052->2054 2053->2054 2055 48bc82a-48bc82c 2054->2055 2056 48bc834-48bc843 2054->2056 2055->2056 2057 48bc84f-48bc87b 2056->2057 2058 48bc845 2056->2058 2062 48bcaa8-48bcaef 2057->2062 2063 48bc881-48bc887 2057->2063 2058->2057 2094 48bcaf1 2062->2094 2095 48bcb05-48bcb11 2062->2095 2064 48bc959-48bc95d 2063->2064 2065 48bc88d-48bc893 2063->2065 2067 48bc95f-48bc968 2064->2067 2068 48bc980-48bc989 2064->2068 2065->2062 2070 48bc899-48bc8a6 2065->2070 2067->2062 2071 48bc96e-48bc97e 2067->2071 2072 48bc98b-48bc9ab 2068->2072 2073 48bc9ae-48bc9b1 2068->2073 2074 48bc938-48bc941 2070->2074 2075 48bc8ac-48bc8b5 2070->2075 2076 48bc9b4-48bc9ba 2071->2076 2072->2073 2073->2076 2074->2062 2079 48bc947-48bc953 2074->2079 2075->2062 2078 48bc8bb-48bc8d3 2075->2078 2076->2062 2081 48bc9c0-48bc9d3 2076->2081 2082 48bc8df-48bc8f1 2078->2082 2083 48bc8d5 2078->2083 2079->2064 2079->2065 2081->2062 2085 48bc9d9-48bc9e9 2081->2085 2082->2074 2089 48bc8f3-48bc8f9 2082->2089 2083->2082 2085->2062 2088 48bc9ef-48bc9fc 2085->2088 2088->2062 2091 48bca02-48bca17 2088->2091 2092 48bc8fb 2089->2092 2093 48bc905-48bc90b 2089->2093 2091->2062 2101 48bca1d-48bca40 2091->2101 2092->2093 2093->2062 2098 48bc911-48bc935 2093->2098 2099 48bcaf4-48bcaf6 2094->2099 2096 48bcb1d-48bcb39 2095->2096 2097 48bcb13 2095->2097 2097->2096 2102 48bcb3a-48bcb67 call 48b8200 2099->2102 2103 48bcaf8-48bcb03 2099->2103 2101->2062 2108 48bca42-48bca4d 2101->2108 2114 48bcb69-48bcb6f 2102->2114 2115 48bcb7f-48bcb81 2102->2115 2103->2095 2103->2099 2111 48bca4f-48bca59 2108->2111 2112 48bca9e-48bcaa5 2108->2112 2111->2112 2120 48bca5b-48bca71 2111->2120 2117 48bcb73-48bcb75 2114->2117 2118 48bcb71 2114->2118 2138 48bcb83 call 48bddb8 2115->2138 2139 48bcb83 call 48bcc00 2115->2139 2140 48bcb83 call 48bcbf0 2115->2140 2117->2115 2118->2115 2119 48bcb89-48bcb8d 2121 48bcbd8-48bcbe8 2119->2121 2122 48bcb8f-48bcba6 2119->2122 2126 48bca7d-48bca96 2120->2126 2127 48bca73 2120->2127 2122->2121 2130 48bcba8-48bcbb2 2122->2130 2126->2112 2127->2126 2133 48bcbc5-48bcbd5 2130->2133 2134 48bcbb4-48bcbc3 2130->2134 2134->2133 2138->2119 2139->2119 2140->2119
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: (bq$d
                                                                                                                                                                                                      • API String ID: 0-3334038649
                                                                                                                                                                                                      • Opcode ID: 5f13059154f1ec9aeddc3bdf2508f7428ac7c8d2c66a31020810bc9d3cb0b754
                                                                                                                                                                                                      • Instruction ID: d25d0866d859a635cc07dbca004bc13e5ea80c70fb3d12f0dfe60a7c45ee779f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5f13059154f1ec9aeddc3bdf2508f7428ac7c8d2c66a31020810bc9d3cb0b754
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 04D15C35600606CFDB15DF28C4809AAB7F2FF88314B558A6DE49ADB365DB30F856CB90
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048BB4E9 Relevance: 2.7, Strings: 2, Instructions: 177COMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 2141 48bb4e9-48bb520 2143 48bb60c-48bb631 2141->2143 2144 48bb526-48bb52a 2141->2144 2151 48bb638-48bb65c 2143->2151 2145 48bb53e-48bb542 2144->2145 2146 48bb52c-48bb538 2144->2146 2147 48bb548-48bb55f 2145->2147 2148 48bb663-48bb688 2145->2148 2146->2145 2146->2151 2159 48bb573-48bb577 2147->2159 2160 48bb561-48bb56d 2147->2160 2166 48bb68f-48bb6e2 2148->2166 2151->2148 2161 48bb579-48bb592 2159->2161 2162 48bb5a3-48bb5bc call 48b8138 2159->2162 2160->2159 2160->2166 2161->2162 2176 48bb594-48bb597 2161->2176 2174 48bb5be-48bb5e2 2162->2174 2175 48bb5e5-48bb609 2162->2175 2184 48bb71a-48bb73f 2166->2184 2185 48bb6e4-48bb704 2166->2185 2180 48bb5a0 2176->2180 2180->2162 2192 48bb746-48bb79a 2184->2192 2185->2192 2193 48bb706-48bb717 2185->2193 2199 48bb841-48bb88f 2192->2199 2200 48bb7a0-48bb7ac 2192->2200 2213 48bb8bf-48bb8c5 2199->2213 2214 48bb891-48bb8b5 2199->2214 2203 48bb7ae-48bb7b5 2200->2203 2204 48bb7b6-48bb7ca call 48b6940 2200->2204 2209 48bb839-48bb840 2204->2209 2210 48bb7cc-48bb7f1 2204->2210 2220 48bb7f3-48bb80d 2210->2220 2221 48bb834-48bb837 2210->2221 2217 48bb8d7-48bb8e6 2213->2217 2218 48bb8c7-48bb8d4 2213->2218 2214->2213 2216 48bb8b7 2214->2216 2216->2213 2220->2221 2223 48bb80f-48bb818 2220->2223 2221->2209 2221->2210 2224 48bb81a-48bb81d 2223->2224 2225 48bb827-48bb833 2223->2225 2224->2225
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: (bq$(bq
                                                                                                                                                                                                      • API String ID: 0-4224401849
                                                                                                                                                                                                      • Opcode ID: 6095864847e3d5e9eb88f85ff46745ba7a5850660009de520f296d97426a828c
                                                                                                                                                                                                      • Instruction ID: dead3bc5be2c4ea9efaab9771c8e1a721f9df2bbd72d009294d0837427955818
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6095864847e3d5e9eb88f85ff46745ba7a5850660009de520f296d97426a828c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B451C0317002458FDB059F28D850BAE7BA2EF84351F1486A9E805CB3A6CF74ED56CBD1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B9070 Relevance: 2.7, Strings: 2, Instructions: 175COMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 2226 48b9070-48b9082 2227 48b9088-48b908a 2226->2227 2228 48b9173-48b9198 2226->2228 2229 48b919f-48b91c3 2227->2229 2230 48b9090-48b909c 2227->2230 2228->2229 2241 48b91ca-48b91ee 2229->2241 2234 48b909e-48b90aa 2230->2234 2235 48b90b0-48b90c0 2230->2235 2234->2235 2234->2241 2235->2241 2242 48b90c6-48b90d4 2235->2242 2247 48b91f5-48b926d 2241->2247 2246 48b90da-48b90df 2242->2246 2242->2247 2285 48b90e1 call 48b9268 2246->2285 2286 48b90e1 call 48b9061 2246->2286 2287 48b90e1 call 48b9070 2246->2287 2271 48b927f-48b9288 call 48b8200 2247->2271 2272 48b926f-48b9275 call 48b6358 2247->2272 2250 48b90e7-48b912d call 48b8e98 * 3 2267 48b912f-48b9148 2250->2267 2268 48b9150-48b9170 call 48b7000 2250->2268 2267->2268 2281 48b928a-48b9290 2271->2281 2282 48b92a0-48b92a2 2271->2282 2277 48b927a-48b927d 2272->2277 2277->2271 2283 48b9292 2281->2283 2284 48b9294-48b9296 2281->2284 2283->2282 2284->2282 2285->2250 2286->2250 2287->2250
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: (bq$Hbq
                                                                                                                                                                                                      • API String ID: 0-4081012451
                                                                                                                                                                                                      • Opcode ID: 4c5aa2c3d736e045d68bf802ab08c62f32abcc9d5186106b7e358d31c42ac241
                                                                                                                                                                                                      • Instruction ID: 19ca8f5586482c8f538c972a15099b51c99c47f48b25646679ecad6844cff713
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4c5aa2c3d736e045d68bf802ab08c62f32abcc9d5186106b7e358d31c42ac241
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AC51AE317002148FE719AF78C8546AE77E2EF85341B2449ACD646DB3A4DF75EC06CB91
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 049206E8 Relevance: 2.6, Strings: 2, Instructions: 147COMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 2288 49206e8-49206f3 2289 49206f5-49206fb 2288->2289 2290 492070b-492070d 2288->2290 2291 49206ff-4920709 2289->2291 2292 49206fd 2289->2292 2293 4920867-4920872 2290->2293 2291->2290 2292->2290 2296 4920712-4920715 2293->2296 2297 4920878-492087a 2293->2297 2298 4920742-4920745 2296->2298 2299 4920717-4920719 2296->2299 2300 4920891-4920897 2297->2300 2301 492087c-492088a 2297->2301 2306 4920780-4920783 2298->2306 2307 4920747-4920749 2298->2307 2302 4920730-492073d 2299->2302 2303 492071b-4920729 2299->2303 2304 492089b-49208a7 2300->2304 2305 4920899 2300->2305 2301->2300 2302->2293 2303->2302 2311 49208a9-49208ae 2304->2311 2305->2311 2309 49207b0-49207b3 2306->2309 2310 4920785-4920787 2306->2310 2312 4920760-4920763 2307->2312 2313 492074b-4920759 2307->2313 2319 49207b5-49207b7 2309->2319 2320 49207de-49207e1 2309->2320 2316 4920789-4920797 2310->2316 2317 492079e-49207ab 2310->2317 2321 492076b-492076d 2312->2321 2313->2312 2316->2317 2317->2293 2325 49207b9-49207c7 2319->2325 2326 49207ce-49207d9 2319->2326 2322 4920812-4920815 2320->2322 2323 49207e3-49207e5 2320->2323 2321->2293 2327 4920773-492077b 2321->2327 2328 4920846-4920848 2322->2328 2329 4920817-4920819 2322->2329 2331 49207e7-49207f5 2323->2331 2332 49207fc 2323->2332 2325->2326 2326->2293 2327->2293 2338 492084a-4920858 2328->2338 2339 492085f 2328->2339 2335 4920830-492083a 2329->2335 2336 492081b-4920829 2329->2336 2331->2332 2350 49207fe call 63b7ee8 2332->2350 2351 49207fe call 63b7d38 2332->2351 2352 49207fe call 63b7d48 2332->2352 2335->2293 2347 492083c-4920844 2335->2347 2336->2335 2338->2339 2339->2293 2342 4920804-4920806 2342->2293 2346 4920808-4920810 2342->2346 2346->2293 2347->2293 2350->2342 2351->2342 2352->2342
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083483778.0000000004920000.00000040.00000800.00020000.00000000.sdmp, Offset: 04920000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4920000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: 4'^q$4'^q
                                                                                                                                                                                                      • API String ID: 0-2697143702
                                                                                                                                                                                                      • Opcode ID: ee68d558ec54b066d2d1bf9979df906a69866ee137e6572da67ae18712e87cc9
                                                                                                                                                                                                      • Instruction ID: 89407f55a06644c4e02d9b39601745c64af680ebb820c6632ee22b5cd6ba4b76
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ee68d558ec54b066d2d1bf9979df906a69866ee137e6572da67ae18712e87cc9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F6419030F002308B6BB66A25065023F61DF9BC4A907194A7DCB96E734CEF56EC4A67C2
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B5638 Relevance: 2.6, Strings: 2, Instructions: 138COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: (bq$Hbq
                                                                                                                                                                                                      • API String ID: 0-4081012451
                                                                                                                                                                                                      • Opcode ID: c44c59cbfdc95d619bfe1cb1d0faf0499abc4bab8a2e673720c6464918d9c855
                                                                                                                                                                                                      • Instruction ID: e6c1ce6f990f065ab45496ddc13006675b53b618b8f0ff27f5e7c9c20458f69b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c44c59cbfdc95d619bfe1cb1d0faf0499abc4bab8a2e673720c6464918d9c855
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8B412431200B409FD725DF3AD44038ABBF2EF85354F148A69D496CB3A6EB74ED498B90
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 04920520 Relevance: 2.6, Strings: 2, Instructions: 135COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083483778.0000000004920000.00000040.00000800.00020000.00000000.sdmp, Offset: 04920000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4920000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: 4'^q$4'^q
                                                                                                                                                                                                      • API String ID: 0-2697143702
                                                                                                                                                                                                      • Opcode ID: 17cea81190fbfc1948dfcfa2afca53d5690d8c5fa802613b80250c8b8cad7665
                                                                                                                                                                                                      • Instruction ID: e4d28fe38ade52ccc47b112bd9b03f7a270ad24bb2f24a01b70ac2250c408a25
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 17cea81190fbfc1948dfcfa2afca53d5690d8c5fa802613b80250c8b8cad7665
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 94412231F002358BEB355A254B24B3A26DBDBC5750B184A79CB06E739CEFA0EC458792
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280898C Relevance: 2.5, Strings: 2, Instructions: 38COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: $^q$$^q
                                                                                                                                                                                                      • API String ID: 0-355816377
                                                                                                                                                                                                      • Opcode ID: 43d3de818d856bfc965e7a90cb602aa5b4a7687083a2a58cd85a5f27db6b2b37
                                                                                                                                                                                                      • Instruction ID: c6d02190bb0f665863de3a7c7d7f63b22467973823f3f17cb8c9f151bfc2b34c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 43d3de818d856bfc965e7a90cb602aa5b4a7687083a2a58cd85a5f27db6b2b37
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1BF0F638B402089FE7289A35DC46BA97BA6EF81B01F2044A6E604EF3E4CF71D845C791
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048BA4E0 Relevance: 1.8, Strings: 1, Instructions: 534COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: (_^q
                                                                                                                                                                                                      • API String ID: 0-538443824
                                                                                                                                                                                                      • Opcode ID: fc9fc4de767b090bd5164d56c660463b287a27cbf4e0947949879331ef0c57f4
                                                                                                                                                                                                      • Instruction ID: 9fe1d679f83927fad8b600ffd2686cb82bcf54dc97ace10b548771fbece536b9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fc9fc4de767b090bd5164d56c660463b287a27cbf4e0947949879331ef0c57f4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: ED227D35B002089FDB08DFA8C494AADB7F2EF88714F148999E945EB391DB71ED45CB90
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 063BB2C4 Relevance: 1.8, APIs: 1, Instructions: 261processCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 063BB506
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2098311877.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_63b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateProcess
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 963392458-0
                                                                                                                                                                                                      • Opcode ID: 62501d7540cc5c967e613a587ee3b97eb6bb3339e6352a3bcf9ab5c0c8e9bbd8
                                                                                                                                                                                                      • Instruction ID: 6fcf5ef7ea76420bc330f6004806875d5c18e47e02679d6ae4dd96a7aeff7aea
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 62501d7540cc5c967e613a587ee3b97eb6bb3339e6352a3bcf9ab5c0c8e9bbd8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F5A14971D00219CFDB60CFA9C8417EEFBB2AF48314F1485AAE949A7640DB749985CF92
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 063BB2D0 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 063BB506
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2098311877.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_63b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateProcess
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 963392458-0
                                                                                                                                                                                                      • Opcode ID: f5247128abefc8d3382ac7f6ae539f5d88b339373c86ad874ae60af8a0bd96b9
                                                                                                                                                                                                      • Instruction ID: a7d276b0b91ab407774bcf6714b94c5f231e953ce0549eeb6f178cc11eae29c2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f5247128abefc8d3382ac7f6ae539f5d88b339373c86ad874ae60af8a0bd96b9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 96914871D002198FDB60CFA9C8417EEFBB2AF48314F1485AAE949A7640DB749985CF92
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 063B9F6F Relevance: 1.6, APIs: 1, Instructions: 107fileCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateFileA.KERNELBASE(?,?,?,?,?,?,?), ref: 063BA079
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2098311877.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_63b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateFile
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 823142352-0
                                                                                                                                                                                                      • Opcode ID: 5163c6f8bf059649468e63248f02a897b8dc569480b8295e9c3f5d389af9f147
                                                                                                                                                                                                      • Instruction ID: c38f9ab191adabcbe96616ed0b58101e35a01468352bc5cea3933bd92c5beb53
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5163c6f8bf059649468e63248f02a897b8dc569480b8295e9c3f5d389af9f147
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 414154B1D00659DFDB50CFA9C884BDEBBF1EB48304F10812AE915AB790D775988ACF81
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 063B9F78 Relevance: 1.6, APIs: 1, Instructions: 105fileCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateFileA.KERNELBASE(?,?,?,?,?,?,?), ref: 063BA079
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2098311877.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_63b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateFile
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 823142352-0
                                                                                                                                                                                                      • Opcode ID: 351522254fade45c1f4b1c7106700041852f67dcfa67b4edec2b2cc4d4dd7fa1
                                                                                                                                                                                                      • Instruction ID: d03dc26a427de5472c86c0df42faaa5497c707a0edb211741694de68d8371b30
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 351522254fade45c1f4b1c7106700041852f67dcfa67b4edec2b2cc4d4dd7fa1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7D4144B1D00659DFDB50CFA9C880BDEBBF1EB48714F108029E919AB790D7759846CF91
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 063BAF88 Relevance: 1.6, APIs: 1, Instructions: 79threadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 063BB00E
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2098311877.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_63b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ContextThreadWow64
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 983334009-0
                                                                                                                                                                                                      • Opcode ID: 74e1cbe08dbfb46a9af54b18d422005683d7f3a8fbf596667f18f94dbbe28626
                                                                                                                                                                                                      • Instruction ID: f896c916794dba78800a8aca664d8fbbe5daa1018dd3f4ec9efed568f7145b1c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 74e1cbe08dbfb46a9af54b18d422005683d7f3a8fbf596667f18f94dbbe28626
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FE314AB5E002098FDB50CFA9C5817EEFBF5EB88364F10842AD659A7640DB38A945CF94
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 063BB128 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 063BB1B8
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2098311877.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_63b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: MemoryProcessWrite
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3559483778-0
                                                                                                                                                                                                      • Opcode ID: 2e844ec10be71eea0f06f4cb527dc4d0a6bfd526beceba9433810ae7d5941f12
                                                                                                                                                                                                      • Instruction ID: 597043790a3a8db6438dc2633d9b3cc3b54b99749c8bd08b93062dfcac66b41b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2e844ec10be71eea0f06f4cb527dc4d0a6bfd526beceba9433810ae7d5941f12
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BD2127B1D003599FCB10CFAAC885BDEBBF5FF48310F14842AE959A7250DB789954CBA4
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 063BB127 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 063BB1B8
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2098311877.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_63b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: MemoryProcessWrite
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3559483778-0
                                                                                                                                                                                                      • Opcode ID: 113a91bce1fea46058808ddb9c8c760b0c3fe163596b8f22bbbe619c6c5fc70a
                                                                                                                                                                                                      • Instruction ID: e4c55557b8bdc5c8fdbeb950fe628faa041c338dc95022b38ab6aa458d15f0c7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 113a91bce1fea46058808ddb9c8c760b0c3fe163596b8f22bbbe619c6c5fc70a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EB2125B1D003599FCB10CFAAC885BDEBBF5FF48310F14842AE959A7250DB789954CBA4
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 063BB708 Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 063BB790
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2098311877.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_63b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: MemoryProcessRead
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1726664587-0
                                                                                                                                                                                                      • Opcode ID: b2e51b9ef1ffc9de69bfa4e024f552d3fe2b5692156dac79ffe673094f114823
                                                                                                                                                                                                      • Instruction ID: 89d9b0751d63998be04320af86700b865bb275e3f453efda62555ce1ef349460
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b2e51b9ef1ffc9de69bfa4e024f552d3fe2b5692156dac79ffe673094f114823
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6C2136B1C002499FCB10DFAAC881ADEFBF4FF48320F10842AE559A7250DB789945CBA4
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02804F67 Relevance: 1.6, Strings: 1, Instructions: 316COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: 0
                                                                                                                                                                                                      • API String ID: 0-4108050209
                                                                                                                                                                                                      • Opcode ID: ca947c9b2adf47b4e2f2cced8e9a98b1ebe062156d9ff18834ab275bf257f66b
                                                                                                                                                                                                      • Instruction ID: 8f8f374856abf059b9eb5a352c67abf3f91fa520d12aca054a6d38a3f37ee60b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ca947c9b2adf47b4e2f2cced8e9a98b1ebe062156d9ff18834ab275bf257f66b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C9C1AC5219CAC31EE3634AB8ACB4BD6BF989F43234F1843C7D5E45D8E2D3AC11C29256
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 063BB060 Relevance: 1.6, APIs: 1, Instructions: 65memoryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 063BB0D6
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2098311877.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_63b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4275171209-0
                                                                                                                                                                                                      • Opcode ID: f22b7133d82a7c2520908bd8e5e0c2b901ab3282b399833c6a15f3824ec522fb
                                                                                                                                                                                                      • Instruction ID: eaf9907990520df5088fb1ee997457ff7422e7c29f4c7da4ab7d76b0b7a37535
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f22b7133d82a7c2520908bd8e5e0c2b901ab3282b399833c6a15f3824ec522fb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 312179B6D00209CFCB20DF99D8406EEFBF5EB88324F24842AD565A7250CB359554CFA4
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 063BA10B Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 063BA196
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2098311877.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_63b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DuplicateHandle
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3793708945-0
                                                                                                                                                                                                      • Opcode ID: fd5b02a5bf8060909a1db18447cd23dd9ba7841db491f8dfddcb669164ef8107
                                                                                                                                                                                                      • Instruction ID: 0ab3f2a9c8f34c3891f9082a19cfc039d61f1490eba80cf662f374959b97bc1f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fd5b02a5bf8060909a1db18447cd23dd9ba7841db491f8dfddcb669164ef8107
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D02168B2900249DFDB10CF9AD884BEEBBF5EF48310F14842AE954A7250C338A951CFA0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 063BA110 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 063BA196
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2098311877.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_63b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DuplicateHandle
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3793708945-0
                                                                                                                                                                                                      • Opcode ID: 170039fc8c31b6876704f34c570f391147469c2083990cc83d5652f1c7a3f6d9
                                                                                                                                                                                                      • Instruction ID: 3c6a73779079a05f956c207666a8d9ce5335d8907f6884bb016f0626646eec8c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 170039fc8c31b6876704f34c570f391147469c2083990cc83d5652f1c7a3f6d9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E1216AB1800249DFCB10CF9AD844BDEBBF4EF48310F14802AE954A3250D778A950CFA1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 063BB710 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 063BB790
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2098311877.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_63b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: MemoryProcessRead
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1726664587-0
                                                                                                                                                                                                      • Opcode ID: e634b58c7780d9ee2c72598652d190cbd15e04fc700fd773c9826294f9f175cd
                                                                                                                                                                                                      • Instruction ID: 8581f340c597f01504202523e2390f4699ae814a60266b31440bd0cd432c072e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e634b58c7780d9ee2c72598652d190cbd15e04fc700fd773c9826294f9f175cd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 462128B1C002599FCB10DFAAC881ADEFBF5FF48320F10842AE559A7250DB749544CBA4
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 063BAF90 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 063BB00E
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2098311877.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_63b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ContextThreadWow64
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 983334009-0
                                                                                                                                                                                                      • Opcode ID: 87efa7f2d1f77bede1674207d020151d9e14a7fe717af7c14dc2871314652f0b
                                                                                                                                                                                                      • Instruction ID: fe26ddd16157d17c69cefd200bfc797c69d7e205f7dc27a612cc68d7b9573a1f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 87efa7f2d1f77bede1674207d020151d9e14a7fe717af7c14dc2871314652f0b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F42118B1D002098FDB10DFAAC5857EEFBF4EF48324F14842AD559A7240DB789945CFA5
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02804E00 Relevance: 1.6, Strings: 1, Instructions: 311COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: #
                                                                                                                                                                                                      • API String ID: 0-1885708031
                                                                                                                                                                                                      • Opcode ID: 42e528faece44069bddcb485236a79cf2b8e97d95de929a4891b4e42e4a094d7
                                                                                                                                                                                                      • Instruction ID: a4bad71bf6cad8e1bbb557f4333d758f97d46fbc2ca5949c1871cc474daaaf13
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 42e528faece44069bddcb485236a79cf2b8e97d95de929a4891b4e42e4a094d7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4DC19B5219CAC31EE3634AB8AC75BC6BF988F43234F1843C7D5E45D8E2D3AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805B4B Relevance: 1.6, Strings: 1, Instructions: 307COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: 9
                                                                                                                                                                                                      • API String ID: 0-2366072709
                                                                                                                                                                                                      • Opcode ID: b2829a924120a7b6c29dd715bc44ac22713d3730a152be7285cf11787c730e12
                                                                                                                                                                                                      • Instruction ID: d155375f5d281cbc7c29daf490940170feff3143c803ea1b36feea9200b01ab2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b2829a924120a7b6c29dd715bc44ac22713d3730a152be7285cf11787c730e12
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8CC1995219CAC31EE3634AB8AC74BD6BF989F43234F1943C3D5E45D8E2D3AC11C29266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280584C Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: m
                                                                                                                                                                                                      • API String ID: 0-3775001192
                                                                                                                                                                                                      • Opcode ID: f953511bae88a167b6b7a7c18c60239498ccb2399438edc5de63eb6466be7dc1
                                                                                                                                                                                                      • Instruction ID: 42226366d5d85d2e9555b7dc7e39ce2318643f3e05dbfa5abfa7ba1358716e1b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f953511bae88a167b6b7a7c18c60239498ccb2399438edc5de63eb6466be7dc1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 63C1895219CAC31EE3634AB8AC74BC6BF989F43234F1943C3D5E45D8E2D3AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805223 Relevance: 1.6, Strings: 1, Instructions: 304COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: V
                                                                                                                                                                                                      • API String ID: 0-1342839628
                                                                                                                                                                                                      • Opcode ID: 1ed032d2c86388118569697375364efd5c50e77bb4c7c3aa9c92b177783d3263
                                                                                                                                                                                                      • Instruction ID: e3f257b86ebe90554af433b81579da848874c06ae24c7d858e9ce8160f3a244b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1ed032d2c86388118569697375364efd5c50e77bb4c7c3aa9c92b177783d3263
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 21C1895219CAC31EE3634AB8AC74BD6BF988F43234F1943C7D5E45D8E2D3AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805635 Relevance: 1.6, Strings: 1, Instructions: 304COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: T
                                                                                                                                                                                                      • API String ID: 0-3187964512
                                                                                                                                                                                                      • Opcode ID: ea2af02c4ede596924a2ce2bb24c40f8137ad8aa58f35f7647830d751d0795e9
                                                                                                                                                                                                      • Instruction ID: 82a5c65bb09ae697284f655af0529cf1417d6d8c0c1f60e5ab9d067d3f930c5c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ea2af02c4ede596924a2ce2bb24c40f8137ad8aa58f35f7647830d751d0795e9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9AC1995219CAC31EE3630AB8AC75BC6BF988F43234F1943C7D5E45D8E2D3AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805527 Relevance: 1.6, Strings: 1, Instructions: 304COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: n
                                                                                                                                                                                                      • API String ID: 0-2013832146
                                                                                                                                                                                                      • Opcode ID: 0e6937113c87644d417483a8e4b54b6b65c7f0ffdfb90a6833e944a9062941e8
                                                                                                                                                                                                      • Instruction ID: 30288d1942a314a6f8d040dda9c8ddb32ad6b4e841e390041e9b0771f9c75ded
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0e6937113c87644d417483a8e4b54b6b65c7f0ffdfb90a6833e944a9062941e8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2CC18A5219CAC31EE3634AB8AC74BC6BF989F43234F1943C7D5E45D8E2D3AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 063BB068 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 063BB0D6
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2098311877.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_63b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocVirtual
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4275171209-0
                                                                                                                                                                                                      • Opcode ID: bbff2c3ce9c53167e8c22d290f497cf50a1e31a4ae9baa2b8d753dc0bf25b938
                                                                                                                                                                                                      • Instruction ID: 4994bf08f001599fd961f76b926a74254dba472df8b010ad1022ccde5a9cdc6a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bbff2c3ce9c53167e8c22d290f497cf50a1e31a4ae9baa2b8d753dc0bf25b938
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 581126B19002499FCB20DFAAC844AEEFFF5EB88324F108419E559A7250CB75A554CFA4
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 063BAED8 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2098311877.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_63b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ResumeThread
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 947044025-0
                                                                                                                                                                                                      • Opcode ID: 9b4233e5adb4a9fe9d8f793bd8151477027c6d0e834d17c79e86b1544b02ec68
                                                                                                                                                                                                      • Instruction ID: 224e42a4686741986e3ed094978115c1070da8549181403f48b1a90f1856296a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9b4233e5adb4a9fe9d8f793bd8151477027c6d0e834d17c79e86b1544b02ec68
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BF1146B1D042488BDB10DFAAC8457DEFBF4EB88324F20842AD559A7240CA789545CB94
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 028052D3 Relevance: 1.6, Strings: 1, Instructions: 302COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: o
                                                                                                                                                                                                      • API String ID: 0-252678980
                                                                                                                                                                                                      • Opcode ID: 6d1e58a3716045e779e4a3e43646a4922c415a8a7a8b81da5e5ff284fc077b83
                                                                                                                                                                                                      • Instruction ID: 567dac8f2762fb477850d027861344ae2c450c8f84198caaf683ccc3189a760b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6d1e58a3716045e779e4a3e43646a4922c415a8a7a8b81da5e5ff284fc077b83
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 26C1895219CAC31EE3630AB8AC74BD6BF988F43234F1943C7D5E45C8E2D3AC11C69256
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805262 Relevance: 1.6, Strings: 1, Instructions: 302COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: x
                                                                                                                                                                                                      • API String ID: 0-2363233923
                                                                                                                                                                                                      • Opcode ID: 95fbf0151971380106f0eb8a2aff8d16a35448a4650650d2face8373c7749157
                                                                                                                                                                                                      • Instruction ID: 1d3179e50673a399e4489b31b4373f9fafd9f9babb59076bcf80c240d77d46b7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 95fbf0151971380106f0eb8a2aff8d16a35448a4650650d2face8373c7749157
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 51C1885219CAC31EE3630AB8AC75BD6BF988F43234F1943C7D5E45D8E2D3AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 028060BA Relevance: 1.6, Strings: 1, Instructions: 302COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 0-3916222277
                                                                                                                                                                                                      • Opcode ID: 33f645156883872e9ef46d114fe379318d52958f898dcedf7fa3ed6bc41fe5c7
                                                                                                                                                                                                      • Instruction ID: c2795f748594d22230cd147c17748b572a2ccf94229c003997c75ba8761b25ad
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 33f645156883872e9ef46d114fe379318d52958f898dcedf7fa3ed6bc41fe5c7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F8C1885219CAC31EE3630AB8AC75BD6BF988F43234F1943C7D5E45D8E2D3AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280603E Relevance: 1.6, Strings: 1, Instructions: 302COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: d
                                                                                                                                                                                                      • API String ID: 0-2564639436
                                                                                                                                                                                                      • Opcode ID: f380b28700dbcbccf7b3dab600ee6ebf752ca4664a7974fa37714c1c91560cb7
                                                                                                                                                                                                      • Instruction ID: 152aa708a126fc09f3f76299f02d0b5f9504965892a709d3553b66ee620663f6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f380b28700dbcbccf7b3dab600ee6ebf752ca4664a7974fa37714c1c91560cb7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BBC1985219CAC31EE3634AB8AC75BC6BF988F43234F1943C7D5E45C8E2D3AD11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280519E Relevance: 1.6, Strings: 1, Instructions: 302COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: Y
                                                                                                                                                                                                      • API String ID: 0-3233089245
                                                                                                                                                                                                      • Opcode ID: b23d087edc1114484086b4d4272b1e9a37268ed95812556cdee67e5efdde4226
                                                                                                                                                                                                      • Instruction ID: 69053b710c3c483aa4666e97ce9a8a361035249424561321f9dd989db053c432
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b23d087edc1114484086b4d4272b1e9a37268ed95812556cdee67e5efdde4226
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2FC1885219DAC31EE3630AB8AC75BC6BF988F43234F1943C7D5E45D8E2D3AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 028059F7 Relevance: 1.6, Strings: 1, Instructions: 302COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: +
                                                                                                                                                                                                      • API String ID: 0-2126386893
                                                                                                                                                                                                      • Opcode ID: 52befd74aa6db7ed1d0e4cb4ad1b2a1ea24c44a6e83355cc01bb2f63dcc70543
                                                                                                                                                                                                      • Instruction ID: 64dbd2c269f96db92b7dc5c884c6a6cbc8aa37094331e0b8df2660e3991359ab
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 52befd74aa6db7ed1d0e4cb4ad1b2a1ea24c44a6e83355cc01bb2f63dcc70543
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 90C1875219DAC31EE3630AB8AC74BC6BF988F43234F1943C7D5E45C8E2D3AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805106 Relevance: 1.6, Strings: 1, Instructions: 302COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: j
                                                                                                                                                                                                      • API String ID: 0-2137352139
                                                                                                                                                                                                      • Opcode ID: 65d42f6502f6bb785fed3fca7897fe8b2bc5f49403fa7d8cddbecde237d733fc
                                                                                                                                                                                                      • Instruction ID: 5855cff8d6a78fcd51b98d1855d61e8dfdf2f8e719140f84c8679d86f0cfffea
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 65d42f6502f6bb785fed3fca7897fe8b2bc5f49403fa7d8cddbecde237d733fc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D5C1895219DAC31EE3630AB8AC74BC6BF988F43234F1943C7D5E45D8E2D3AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02804E8B Relevance: 1.6, Strings: 1, Instructions: 302COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: [
                                                                                                                                                                                                      • API String ID: 0-784033777
                                                                                                                                                                                                      • Opcode ID: 38a844e16c910645e4ec4ffe244923078d5aecaf626d93098210ae724154ade0
                                                                                                                                                                                                      • Instruction ID: 79df921026884b1ed904044dd279afc1d5322737e71f6b346b6831997fc2225a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 38a844e16c910645e4ec4ffe244923078d5aecaf626d93098210ae724154ade0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C1C1885219CAC31EE3630AB8AC75BC6BF988F43234F1943C7D5E45D8E2D3AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 028056B8 Relevance: 1.6, Strings: 1, Instructions: 302COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: N
                                                                                                                                                                                                      • API String ID: 0-1130791706
                                                                                                                                                                                                      • Opcode ID: d66e29588c6d5e43aa9855150b02fdc3d1581252fd1fab7a6254ce86ea5a078e
                                                                                                                                                                                                      • Instruction ID: c9a05a35d0b541dd437708826ea7088eb96d718cc596428524c0ecccdc7fd28f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d66e29588c6d5e43aa9855150b02fdc3d1581252fd1fab7a6254ce86ea5a078e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E5C1885219CAC31EE3630AB8AC75BC6BF989F43234F1943C7D5E45D8E2D3AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02804EEF Relevance: 1.6, Strings: 1, Instructions: 302COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: (
                                                                                                                                                                                                      • API String ID: 0-3887548279
                                                                                                                                                                                                      • Opcode ID: 94fac3ac9ebf3a0e405abbd73a44c206cf270e35c8822198f57e306642ce2c79
                                                                                                                                                                                                      • Instruction ID: 8f2ded05f21542813ed87d71bbb2a70e45a658458bab8880191ba0e6e5187f82
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 94fac3ac9ebf3a0e405abbd73a44c206cf270e35c8822198f57e306642ce2c79
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 59B1995219DAC31EE3634BB8AC75BD6BF988F43234F1943C3D4E45D8E2D2AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02804E38 Relevance: 1.6, Strings: 1, Instructions: 302COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: 2
                                                                                                                                                                                                      • API String ID: 0-450215437
                                                                                                                                                                                                      • Opcode ID: 6e1e868ad4f6e2c9d72ff95d2d87a51734b3bcbbc305897db11c49813b573eee
                                                                                                                                                                                                      • Instruction ID: a2c836281b4341d210cc7eff1f76d38475ac6d24160181c6af629a164f085d73
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6e1e868ad4f6e2c9d72ff95d2d87a51734b3bcbbc305897db11c49813b573eee
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5EC1985219CAC31EE3630AB8AC74BC6BF988F43234F1943C7D5E45D8E2D3AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02804F9F Relevance: 1.6, Strings: 1, Instructions: 302COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: 4
                                                                                                                                                                                                      • API String ID: 0-4088798008
                                                                                                                                                                                                      • Opcode ID: 1ed4b8efbe8d72015a72bef257fec7ae64337a091d926fbd405c6f962c2d9cbe
                                                                                                                                                                                                      • Instruction ID: 36dd8ef7bb6817483f13632d46752d2c2dbac2a31608d65b00df04cd484b8144
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1ed4b8efbe8d72015a72bef257fec7ae64337a091d926fbd405c6f962c2d9cbe
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4FC1875219DAC31EE3634AB8AC75BC6BF988F43234F1943C7D5E45C8E2D3AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280548A Relevance: 1.6, Strings: 1, Instructions: 302COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: L
                                                                                                                                                                                                      • API String ID: 0-2909332022
                                                                                                                                                                                                      • Opcode ID: 1ac86a99c52751b557fc7c8ecec3a919d3e67be8c6a93b59edaa009ebcbc0e86
                                                                                                                                                                                                      • Instruction ID: 48c64d902882a42e5f07c15a1cd0b8c8839b4e6a82ae700c927845d04ac9177c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1ac86a99c52751b557fc7c8ecec3a919d3e67be8c6a93b59edaa009ebcbc0e86
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DBC1985219DAC31EE3630AB8AC74BD6BF988F43234F1943C7D5E45D8E2D3AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805CD8 Relevance: 1.6, Strings: 1, Instructions: 302COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: !
                                                                                                                                                                                                      • API String ID: 0-2657877971
                                                                                                                                                                                                      • Opcode ID: aecc5668e0dbced3c898bf1f2dad6831e95e3a62b551d7cb0f50bcd3cdac1907
                                                                                                                                                                                                      • Instruction ID: 002aaaec4d4e457f4481cc53e5b75da850f949a8dd0d38c5e4a3f8ab7ff639f7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: aecc5668e0dbced3c898bf1f2dad6831e95e3a62b551d7cb0f50bcd3cdac1907
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FFC1885219DAC31EE3630AB8AC75BC6BF988F43234F1943C7D5E45D8E2D3AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 028054E7 Relevance: 1.6, Strings: 1, Instructions: 302COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: ]
                                                                                                                                                                                                      • API String ID: 0-3352871620
                                                                                                                                                                                                      • Opcode ID: ade98807a831874ca1266dfea0e04b5cede7ab830be571af74dd9e035a711767
                                                                                                                                                                                                      • Instruction ID: 4cef9584e9c956b3b0713a3890ad6b30a8f697b09f9aaaa7766beb5a7b250ff7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ade98807a831874ca1266dfea0e04b5cede7ab830be571af74dd9e035a711767
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 32C1885219CAC31EE3630AB8AC75BC6BF988F43234F1943C7D5E45D8E2D3AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 028055C1 Relevance: 1.6, Strings: 1, Instructions: 302COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: G
                                                                                                                                                                                                      • API String ID: 0-985283518
                                                                                                                                                                                                      • Opcode ID: 8c33ce211af622a238aba54bc100d45f39e326f57b481a1ba05b94ebcd993932
                                                                                                                                                                                                      • Instruction ID: c021b36cf69b88f372065e2e88fbae9380eea6217c10d464208ed2978846614a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8c33ce211af622a238aba54bc100d45f39e326f57b481a1ba05b94ebcd993932
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5FC1795219CAC31EE3634AB8AC75BC6BF988F43234F1943C7D5E45D8E2D3AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805C5D Relevance: 1.6, Strings: 1, Instructions: 301COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: A
                                                                                                                                                                                                      • API String ID: 0-3554254475
                                                                                                                                                                                                      • Opcode ID: caa44962aa46ed64a9d494094ee64b246c8866b55cd9affb41a659759ea92a17
                                                                                                                                                                                                      • Instruction ID: 3087aee0c13aab1349b4390c9b6c6b22356bc818484b58778b37ab1232379687
                                                                                                                                                                                                      • Opcode Fuzzy Hash: caa44962aa46ed64a9d494094ee64b246c8866b55cd9affb41a659759ea92a17
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E7B1795219DAC31EE3630AB8AC75BD6BF988F43234F1943C7D5E45C8E2D3AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 063BAEE0 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2098311877.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_63b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ResumeThread
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 947044025-0
                                                                                                                                                                                                      • Opcode ID: c8af49514493e9cae2aca68d084321ca7b9bd289cbf41736ae89f68262a7a735
                                                                                                                                                                                                      • Instruction ID: 9a80d13c294455e30c82c3ff119ffd024acc0e6f951b5b097749a8f579eef40c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c8af49514493e9cae2aca68d084321ca7b9bd289cbf41736ae89f68262a7a735
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A8113AB1D042498FDB10DFAAC8457DEFBF4EB88324F208419D559A7250CB75A544CF94
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280530E Relevance: 1.5, Strings: 1, Instructions: 298COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: 6
                                                                                                                                                                                                      • API String ID: 0-498629140
                                                                                                                                                                                                      • Opcode ID: dbdf0587dffa045ddfe8b34e8137e04973e0fbde49f80ee3cee0bc336b7de4ee
                                                                                                                                                                                                      • Instruction ID: bedcdbe658990d12d2523c3ca1f047b670fb76c791b211a0901c55c7f1aeff92
                                                                                                                                                                                                      • Opcode Fuzzy Hash: dbdf0587dffa045ddfe8b34e8137e04973e0fbde49f80ee3cee0bc336b7de4ee
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FBB1895219DAC31EE3634BB8AC75BC6BF988F43234F1943C7D4E45C8E2D2AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02804E6C Relevance: 1.5, Strings: 1, Instructions: 298COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: :
                                                                                                                                                                                                      • API String ID: 0-336475711
                                                                                                                                                                                                      • Opcode ID: 9f3464e490ff433c852689591feb22b08d67320c402a52f4de04b31d58cac219
                                                                                                                                                                                                      • Instruction ID: 2b60e67cec80b9a22ffccebb64cd3e084f0ef51e7574b1ed24b325b899c20cdd
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9f3464e490ff433c852689591feb22b08d67320c402a52f4de04b31d58cac219
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DFB1875219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02804FDA Relevance: 1.5, Strings: 1, Instructions: 296COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: H
                                                                                                                                                                                                      • API String ID: 0-2852464175
                                                                                                                                                                                                      • Opcode ID: 371b79ad92edfd9c993e8633b75a10d89489d761b0a922e747ba519070899145
                                                                                                                                                                                                      • Instruction ID: 96c73fdfbcedfdc2ef05b019ca7c8c4ff3629c330ddd8270ad08d821e6802b95
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 371b79ad92edfd9c993e8633b75a10d89489d761b0a922e747ba519070899145
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7DB1885219DAC31EE3634BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805AEE Relevance: 1.5, Strings: 1, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: M
                                                                                                                                                                                                      • API String ID: 0-3664761504
                                                                                                                                                                                                      • Opcode ID: 5d9e3723da17b34fb7d1847690e1711f5476388040a18f394a29ac7f6345578b
                                                                                                                                                                                                      • Instruction ID: 4b3459291e75510efe3ae4cda2f177334a7294282e8085ee85c1863ecfec01e2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5d9e3723da17b34fb7d1847690e1711f5476388040a18f394a29ac7f6345578b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 48B1775219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AD11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805A32 Relevance: 1.5, Strings: 1, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: w
                                                                                                                                                                                                      • API String ID: 0-476252946
                                                                                                                                                                                                      • Opcode ID: eefa233825699fa4da01b40237e699eb5c1fcd06af8a09bff23390929d9c7531
                                                                                                                                                                                                      • Instruction ID: 2d3e87059d4d25ef05b3044694f8ff113e84ea5565c4a4b6b65d20e00bb49395
                                                                                                                                                                                                      • Opcode Fuzzy Hash: eefa233825699fa4da01b40237e699eb5c1fcd06af8a09bff23390929d9c7531
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E1B1775219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D4E45C8E2D2AD11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805BAE Relevance: 1.5, Strings: 1, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: s
                                                                                                                                                                                                      • API String ID: 0-453955339
                                                                                                                                                                                                      • Opcode ID: 8ee91094d18749ba8a7e35dc14e4b71dfe100cd6fc88eed26a8838f6af2a9cac
                                                                                                                                                                                                      • Instruction ID: 4ab4d612c7941117c452204f394576ea52adcc295e19082a378bc0a3470417d4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8ee91094d18749ba8a7e35dc14e4b71dfe100cd6fc88eed26a8838f6af2a9cac
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2AB1775219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AD11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 028053E1 Relevance: 1.5, Strings: 1, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: )
                                                                                                                                                                                                      • API String ID: 0-2427484129
                                                                                                                                                                                                      • Opcode ID: ea3242c0efe145c0b12328e3d1035841be3aba4ed309c75126e43808b0587af4
                                                                                                                                                                                                      • Instruction ID: f768211c000ad4bd27e9d0449799f4d4acaec7e730c7ae510c71676d06922910
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ea3242c0efe145c0b12328e3d1035841be3aba4ed309c75126e43808b0587af4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C4B1775219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280508B Relevance: 1.5, Strings: 1, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: 4
                                                                                                                                                                                                      • API String ID: 0-4088798008
                                                                                                                                                                                                      • Opcode ID: 2bf85e9410594d6ffb0c8dc5eeb23111909fc80e8b5da7042c6aa439cf0f201f
                                                                                                                                                                                                      • Instruction ID: fae5445b4106649c3373af8c96ca0ce7cb6aa162aa96bc1c685d7bab0d6cdd7c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2bf85e9410594d6ffb0c8dc5eeb23111909fc80e8b5da7042c6aa439cf0f201f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C7B1765219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AD11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02806098 Relevance: 1.5, Strings: 1, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: I
                                                                                                                                                                                                      • API String ID: 0-3707901625
                                                                                                                                                                                                      • Opcode ID: f73a4a2a686c02d1593d477f803edf1a9f076e84f8c85a9c146a467a4be57d65
                                                                                                                                                                                                      • Instruction ID: 294371c88c2da248c0510d390590560e17d51141e7da392c65da0973a20066ac
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f73a4a2a686c02d1593d477f803edf1a9f076e84f8c85a9c146a467a4be57d65
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 67B1775219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 028058D4 Relevance: 1.5, Strings: 1, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: ,
                                                                                                                                                                                                      • API String ID: 0-3772416878
                                                                                                                                                                                                      • Opcode ID: 1dbea60bb6c1d365f5e9afe1283e867a8c029c56b6d97abcdde441b35a4b5865
                                                                                                                                                                                                      • Instruction ID: 852bb5cb3d17b1edffed844f3da00cb4e5e95eb7907cdbc8eec9d1fcc41bb320
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1dbea60bb6c1d365f5e9afe1283e867a8c029c56b6d97abcdde441b35a4b5865
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6AB1765219DAC31EE3630AB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 028050E4 Relevance: 1.5, Strings: 1, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: C
                                                                                                                                                                                                      • API String ID: 0-1037565863
                                                                                                                                                                                                      • Opcode ID: e8840fbded6017af6855e838bb2a0d05d8f99d853a9aa7fb3c0cd8932c5679ec
                                                                                                                                                                                                      • Instruction ID: 0d5779250b891fb6f5cc65f0c13cb11fba7704d4ee381db8fdc14c449edcce82
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e8840fbded6017af6855e838bb2a0d05d8f99d853a9aa7fb3c0cd8932c5679ec
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A9B1775219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 028060F5 Relevance: 1.5, Strings: 1, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: P
                                                                                                                                                                                                      • API String ID: 0-3110715001
                                                                                                                                                                                                      • Opcode ID: 7064400c1701956817105d9189095ff49ee7533d2fce8599b0ad60fce86e4f7a
                                                                                                                                                                                                      • Instruction ID: 4702b1cf5c0c60f60579a0ebd5fc524e5032a7f7566ce32d9824f36a5a10a9a2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7064400c1701956817105d9189095ff49ee7533d2fce8599b0ad60fce86e4f7a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D2B1775219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AD11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280601C Relevance: 1.5, Strings: 1, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: =
                                                                                                                                                                                                      • API String ID: 0-2322244508
                                                                                                                                                                                                      • Opcode ID: dd8325700131bd668c2d6d6c5196ba093166fae74bd4e4eafebe6f69443bf39c
                                                                                                                                                                                                      • Instruction ID: 2f667c18ebdfca89a667de6aff7afc9443aa92b513c4e17eeea7b92d75dec89a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: dd8325700131bd668c2d6d6c5196ba093166fae74bd4e4eafebe6f69443bf39c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F7B1765219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D4E45C8E2D2AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280598B Relevance: 1.5, Strings: 1, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: 1
                                                                                                                                                                                                      • API String ID: 0-2212294583
                                                                                                                                                                                                      • Opcode ID: 45554a8ab38bdf2952537c20d01387083cc6fbe0c77158e5b9089139d0fe8253
                                                                                                                                                                                                      • Instruction ID: f5c7bd99c09f5d6e3ed3cc0840b05e45e09b35d597793be2b54fb0e6ea0baa8b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 45554a8ab38bdf2952537c20d01387083cc6fbe0c77158e5b9089139d0fe8253
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 02B1775219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AD11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 028059AD Relevance: 1.5, Strings: 1, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: O
                                                                                                                                                                                                      • API String ID: 0-878818188
                                                                                                                                                                                                      • Opcode ID: f36820bdcf18ce31fdcf76497c173de1cc1abc6125b6e8c9f0e2b7dfa2f07886
                                                                                                                                                                                                      • Instruction ID: e349536e06cf9a161ee3a71d413464b75d9ab142a4df145a50aeb5c7d9cd7f86
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f36820bdcf18ce31fdcf76497c173de1cc1abc6125b6e8c9f0e2b7dfa2f07886
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BFB1875219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AD11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 028061C7 Relevance: 1.5, Strings: 1, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: >
                                                                                                                                                                                                      • API String ID: 0-325317158
                                                                                                                                                                                                      • Opcode ID: 8a4704487d4b73d2ccba3ce9ff1d43fa45b268cf8ade14aa54cc6fbed65bbc6e
                                                                                                                                                                                                      • Instruction ID: c7ffd9bf443db3105167ddb43c2fd86768d7d5dcd737927ee726304df5aa94e4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8a4704487d4b73d2ccba3ce9ff1d43fa45b268cf8ade14aa54cc6fbed65bbc6e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 85B1875219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 028059D5 Relevance: 1.5, Strings: 1, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: a
                                                                                                                                                                                                      • API String ID: 0-3904355907
                                                                                                                                                                                                      • Opcode ID: 5e587e5fb51ce3a5bd4b94bb0d65d25694596939307038fbf567cfdebc32793b
                                                                                                                                                                                                      • Instruction ID: 601c163dfe7c67b0b3894da23cf7766f0e1f8c0e14352838976594b9b73f38ad
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5e587e5fb51ce3a5bd4b94bb0d65d25694596939307038fbf567cfdebc32793b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 63B1865219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 028051D9 Relevance: 1.5, Strings: 1, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: E
                                                                                                                                                                                                      • API String ID: 0-3568589458
                                                                                                                                                                                                      • Opcode ID: 77e208cf79afb786ae4fbfc61097f553b6fc4f629b9fd0ae9689ddeb4b2cec2c
                                                                                                                                                                                                      • Instruction ID: 9f40cbec85979cc51e27bdc4c927d1de7e125b60c99949aa7d14a3883f880390
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 77e208cf79afb786ae4fbfc61097f553b6fc4f629b9fd0ae9689ddeb4b2cec2c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 34B1785219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AD11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 028061E5 Relevance: 1.5, Strings: 1, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: F
                                                                                                                                                                                                      • API String ID: 0-1304234792
                                                                                                                                                                                                      • Opcode ID: 6e032a67d167eaf535ab1781651bd64cf4cdfd8446585bfc6dc62766ee83b812
                                                                                                                                                                                                      • Instruction ID: 507dee03459cdbb1395191b88b3955eb6fefffcae76222b8efc5c61500e0714a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6e032a67d167eaf535ab1781651bd64cf4cdfd8446585bfc6dc62766ee83b812
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 97B1875219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AD11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805947 Relevance: 1.5, Strings: 1, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: .
                                                                                                                                                                                                      • API String ID: 0-248832578
                                                                                                                                                                                                      • Opcode ID: 72ff9c84216f18e82080e7019f79c46ce44227c3ac2c2b16392875d71f8133ac
                                                                                                                                                                                                      • Instruction ID: 9e13d38e2117f4e02461692a17526b6dc477b7137acca02e3fec01f4350b688f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 72ff9c84216f18e82080e7019f79c46ce44227c3ac2c2b16392875d71f8133ac
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8EB1775219DAC31EE3630BB8AC75BC6BF988F43234F5943C7D5E45C8E2D2AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805969 Relevance: 1.5, Strings: 1, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: b
                                                                                                                                                                                                      • API String ID: 0-1908338681
                                                                                                                                                                                                      • Opcode ID: 29f47308924bc1958cdfdb188ede85742c380380d90b74db448fb83ae1828801
                                                                                                                                                                                                      • Instruction ID: 7a3dcb651b4ec093a0068a582d2895c878d5bd2863b9e095d8773e0714c1c8ae
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 29f47308924bc1958cdfdb188ede85742c380380d90b74db448fb83ae1828801
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0FB1775219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AD11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280517C Relevance: 1.5, Strings: 1, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: 5
                                                                                                                                                                                                      • API String ID: 0-2226203566
                                                                                                                                                                                                      • Opcode ID: c1ce0ff7bcba6b18a78bed1724e9a169b120b77185b1914428d5737bcc4ade4f
                                                                                                                                                                                                      • Instruction ID: 0792f858f60604d6fb12bb14e7b7c124398c4d8b6f9514e6d0c49633aa426efb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c1ce0ff7bcba6b18a78bed1724e9a169b120b77185b1914428d5737bcc4ade4f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 84B1775219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AD11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805EC1 Relevance: 1.5, Strings: 1, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: X
                                                                                                                                                                                                      • API String ID: 0-3081909835
                                                                                                                                                                                                      • Opcode ID: d09b1513878f2e28103544b9ef5c18425ec676deddcd26f6a1dedfefe9d7a16c
                                                                                                                                                                                                      • Instruction ID: 28f644b175b9b8074a77a70414c2439ac553328fa2f6cc3f80c061f7bcdeb600
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d09b1513878f2e28103544b9ef5c18425ec676deddcd26f6a1dedfefe9d7a16c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6DB1765219DAC31EE3630AB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AD11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805EE3 Relevance: 1.5, Strings: 1, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: D
                                                                                                                                                                                                      • API String ID: 0-2746444292
                                                                                                                                                                                                      • Opcode ID: f3418c43d6e9d870604ddfca527e475980e8062cdb3107bda762b61f24d2ac84
                                                                                                                                                                                                      • Instruction ID: 1662b8a06cce40e8261b55a43b5b934d5eb0056c59cbd16ca16f8843655206ed
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f3418c43d6e9d870604ddfca527e475980e8062cdb3107bda762b61f24d2ac84
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 09B1875219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AD11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805E47 Relevance: 1.5, Strings: 1, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: {
                                                                                                                                                                                                      • API String ID: 0-366298937
                                                                                                                                                                                                      • Opcode ID: 79f2d1477a5959c419a92ccf5f62f7bb6947a347366fea99dc1645af7ba29e60
                                                                                                                                                                                                      • Instruction ID: b1f14f4909abfc71b9c442ea1312f29b41599797b8edf4a394bbe68806a33346
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 79f2d1477a5959c419a92ccf5f62f7bb6947a347366fea99dc1645af7ba29e60
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EEB1765219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AD11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805674 Relevance: 1.5, Strings: 1, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: 8
                                                                                                                                                                                                      • API String ID: 0-4194326291
                                                                                                                                                                                                      • Opcode ID: d9438e16fe604744c440898f1bce974ba8d7e8b0c770d03a3431387a1d76e0e1
                                                                                                                                                                                                      • Instruction ID: dfa43da04b5ecef5bda478a7f68cf07f107ca650bdaea818641db6e1a442ee5e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d9438e16fe604744c440898f1bce974ba8d7e8b0c770d03a3431387a1d76e0e1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: ACB1775219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805F05 Relevance: 1.5, Strings: 1, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: f
                                                                                                                                                                                                      • API String ID: 0-1993550816
                                                                                                                                                                                                      • Opcode ID: 15988656ea4a9916356ed171c657160914e9da7309f8328e448a76ec80a88f3f
                                                                                                                                                                                                      • Instruction ID: 2e9b0e26497d90872a3407f09466de0c95aa50d3d2df68ef7c1600120e3dbd8e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 15988656ea4a9916356ed171c657160914e9da7309f8328e448a76ec80a88f3f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 43B1775219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AD11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02804F45 Relevance: 1.5, Strings: 1, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: c
                                                                                                                                                                                                      • API String ID: 0-112844655
                                                                                                                                                                                                      • Opcode ID: 9be1c009120eefa560cd9d478a947e1bad9c8842f6fafb550c497898289f9b68
                                                                                                                                                                                                      • Instruction ID: 07989a25f201b26b73e1fd5083da0f0e16db70fe1eccd62298d30010b5d63aa4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9be1c009120eefa560cd9d478a947e1bad9c8842f6fafb550c497898289f9b68
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DCB1785219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AD11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805CB6 Relevance: 1.5, Strings: 1, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: "
                                                                                                                                                                                                      • API String ID: 0-123907689
                                                                                                                                                                                                      • Opcode ID: ee8dec115938902e307af7033c2677f17fac4f920f206c512abbe947388d3084
                                                                                                                                                                                                      • Instruction ID: 9a0aa63f8a1f3d650436958fc47de07b4f936bff864ad914ada9af76af442082
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ee8dec115938902e307af7033c2677f17fac4f920f206c512abbe947388d3084
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E0B1775219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AD11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280559F Relevance: 1.5, Strings: 1, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: 2
                                                                                                                                                                                                      • API String ID: 0-450215437
                                                                                                                                                                                                      • Opcode ID: 992e4f1dbe4491f94144b558f42984a22b53036d1f1979b0c343ef2141eec560
                                                                                                                                                                                                      • Instruction ID: 248c56e61e44da69e78beb64168e7b27ff9644029964c54b3d5545395bd958a2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 992e4f1dbe4491f94144b558f42984a22b53036d1f1979b0c343ef2141eec560
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9EB1775219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805DDA Relevance: 1.5, Strings: 1, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: Z
                                                                                                                                                                                                      • API String ID: 0-1505515367
                                                                                                                                                                                                      • Opcode ID: c4ce7e1247c33824d1a742c7688ce235c11242d4e9f1da89c3690da4ef2c7e89
                                                                                                                                                                                                      • Instruction ID: 4a2be4ba44089e8cfec4ded81cdad8fc9bde07c7ef740e596469e8c4b37fa7af
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c4ce7e1247c33824d1a742c7688ce235c11242d4e9f1da89c3690da4ef2c7e89
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3DB1775219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805D13 Relevance: 1.5, Strings: 1, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: 3
                                                                                                                                                                                                      • API String ID: 0-1842515611
                                                                                                                                                                                                      • Opcode ID: 4c444ea7d4e5765fd8cbce663b4f6022a0c799827134a40e5d0da1677b0a0f71
                                                                                                                                                                                                      • Instruction ID: a50c116662f75f827a76a17672460ba2c102bd47a5f941ddd875fa1f4ce24705
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4c444ea7d4e5765fd8cbce663b4f6022a0c799827134a40e5d0da1677b0a0f71
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 43B1775219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AD11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805D70 Relevance: 1.5, Strings: 1, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: ?
                                                                                                                                                                                                      • API String ID: 0-1684325040
                                                                                                                                                                                                      • Opcode ID: 127db51a1b89f56925e194cba8a67cc132c6e01d0d53d3837030626992a32963
                                                                                                                                                                                                      • Instruction ID: e74c0d0593350eac9d4525d25963753e8864ba906dedaf480c303b82014d31c3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 127db51a1b89f56925e194cba8a67cc132c6e01d0d53d3837030626992a32963
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9DB1865219DAC31EE3630BB8AC75BD6BF988F43234F1943C7D5E45C8E2D2AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 028053A4 Relevance: 1.5, Strings: 1, Instructions: 293COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: U
                                                                                                                                                                                                      • API String ID: 0-3372436214
                                                                                                                                                                                                      • Opcode ID: 2be95a227bb244425829cd1f84c24b2914ed1a8f3b81a5bd70707b551705e0fb
                                                                                                                                                                                                      • Instruction ID: cc936f3fc208518b90cf23771a55463a2cc62698e6ac69f74e0568a0aab9c543
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2be95a227bb244425829cd1f84c24b2914ed1a8f3b81a5bd70707b551705e0fb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A8B1784219DAC31EE3630BB8AC75BD6BF988F43234F1943C7D5E45C8E2D2AD11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805B30 Relevance: 1.5, Strings: 1, Instructions: 293COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: S
                                                                                                                                                                                                      • API String ID: 0-543223747
                                                                                                                                                                                                      • Opcode ID: f9df829df1d35794d0799685db51b1d45b09d27b77c82fb236c1316048b601a1
                                                                                                                                                                                                      • Instruction ID: 512bc9975548a75e56fa028f73947b1091cf66bb317058fa7b5cb903009f468a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f9df829df1d35794d0799685db51b1d45b09d27b77c82fb236c1316048b601a1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 79B1784219DAC31EE3630BB8AC75BD6BF988F43234F1943C7D5E45C8E2D2AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805902 Relevance: 1.5, Strings: 1, Instructions: 293COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: /
                                                                                                                                                                                                      • API String ID: 0-2043925204
                                                                                                                                                                                                      • Opcode ID: 5a1d8dcc613fcf9c7b38810affd5500307b1e23e772608748f8fc0cc64586791
                                                                                                                                                                                                      • Instruction ID: 760519e80fc54614acc3b515340a52e4ba812ab6ac79222a6fbec7e011682e57
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5a1d8dcc613fcf9c7b38810affd5500307b1e23e772608748f8fc0cc64586791
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 16B1774219DAC31EE3630BB8AC75BD6BF988F43234F1943C7D5E45C8E2D2AD11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805E2C Relevance: 1.5, Strings: 1, Instructions: 293COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: B
                                                                                                                                                                                                      • API String ID: 0-1255198513
                                                                                                                                                                                                      • Opcode ID: 12b5d95d263e78e285f90c2d91733697eac67c91c1fc72f99dcfd8255453bbcf
                                                                                                                                                                                                      • Instruction ID: 8d14b98dbd14c701a73c3fd98a11d593ff5131ccaeea56a1fc4e3b36b19a8fcf
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 12b5d95d263e78e285f90c2d91733697eac67c91c1fc72f99dcfd8255453bbcf
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 52B1884219DAC31EE3630BB8AC75BC6BF888F43234F1943C7D5E45C8E2D2AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280575E Relevance: 1.5, Strings: 1, Instructions: 293COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: Y
                                                                                                                                                                                                      • API String ID: 0-3233089245
                                                                                                                                                                                                      • Opcode ID: 2fa333c745515c1e66738db8f9e0bafbe854bc942fa630de117422acc2ede778
                                                                                                                                                                                                      • Instruction ID: e20ba2fc4fa18082822d1522f9451dae1938c5842520d0e3eaf977633f409414
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2fa333c745515c1e66738db8f9e0bafbe854bc942fa630de117422acc2ede778
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A1B1774219DAC31EE3630BB8AC75BD6BF988F43234F1943C7D5E45C8E2D2AD11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048BEDD9 Relevance: 1.5, Strings: 1, Instructions: 268COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: 4'^q
                                                                                                                                                                                                      • API String ID: 0-1614139903
                                                                                                                                                                                                      • Opcode ID: 44e3921aa4e39c22e70eb5dfc40d7cba56a50ee2e4347b1d984483d0ea0c2643
                                                                                                                                                                                                      • Instruction ID: d79684f9d0a0e1e9908bdeb8ac4d48f1ea4f1532e027409a993378e1b898ccbe
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 44e3921aa4e39c22e70eb5dfc40d7cba56a50ee2e4347b1d984483d0ea0c2643
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4BB10B34A10118DFDB04EFA8D894AEDBBB2FF88300F158655E546AB361DB70EC46CB91
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02803114 Relevance: 1.5, Strings: 1, Instructions: 201COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: @
                                                                                                                                                                                                      • API String ID: 0-2766056989
                                                                                                                                                                                                      • Opcode ID: c8cd2532a455d388179ee8e89d91ff8bac7f756ea24d484fb46121dc9c129b84
                                                                                                                                                                                                      • Instruction ID: 45f38396c5adb634beab6ca9f94551e92f052b96499c6587a1434989a3fbda7f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c8cd2532a455d388179ee8e89d91ff8bac7f756ea24d484fb46121dc9c129b84
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FD91173CA00608DFEB94DF54D8D8B69B7B2FB89315F5481A5D906DB6A8C7B4AC85CF00
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02802D7E Relevance: 1.4, Strings: 1, Instructions: 185COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: @
                                                                                                                                                                                                      • API String ID: 0-2766056989
                                                                                                                                                                                                      • Opcode ID: 93418305ee5ff18bec328da7e7608d80d9bc6e3809745f9f0ac3bc11ab59a6d7
                                                                                                                                                                                                      • Instruction ID: 7f14a749f149df5ff13bb3c3951b0afe4e1722e273e8e3299c88fe7c1d651164
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 93418305ee5ff18bec328da7e7608d80d9bc6e3809745f9f0ac3bc11ab59a6d7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1D71283C600508CFEB94DB64C8C8F69B7B2FB89315F1581A5E906DB7A9D7B4AC85CB40
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280AE40 Relevance: 1.4, Strings: 1, Instructions: 147COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: TJcq
                                                                                                                                                                                                      • API String ID: 0-1911830065
                                                                                                                                                                                                      • Opcode ID: dc79b2e8995e95a9ac97dae7162d6010fb007015404114f5a61dc0e0b3e30a96
                                                                                                                                                                                                      • Instruction ID: 082065be992e54e78e564daaef486e5a8a5517651b38872004f951169cb8b350
                                                                                                                                                                                                      • Opcode Fuzzy Hash: dc79b2e8995e95a9ac97dae7162d6010fb007015404114f5a61dc0e0b3e30a96
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8D515C786006049FCB58DF78C884B5EB7E2BF89B24F244699E619DB3E1CB31E8058B55
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280AE30 Relevance: 1.4, Strings: 1, Instructions: 132COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: TJcq
                                                                                                                                                                                                      • API String ID: 0-1911830065
                                                                                                                                                                                                      • Opcode ID: 2169523503bec8594caeb095b2686685a74207fc1927208e6b88bfabc3707bb7
                                                                                                                                                                                                      • Instruction ID: b7c78c6d6984e17b3df878c96d174e27f58fb7672b71f58f4fa261ec774e2f13
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2169523503bec8594caeb095b2686685a74207fc1927208e6b88bfabc3707bb7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2641C1386006049FDB18DF78CC84B5EB7E2AF89724F144699E659DB3E0CB31D8058B45
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B4C90 Relevance: 1.4, Strings: 1, Instructions: 119COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: pbq
                                                                                                                                                                                                      • API String ID: 0-3896149868
                                                                                                                                                                                                      • Opcode ID: 591e12900a8d5d5d70a1d226c9d3306d8246b5d92b78f271e6084077f7742acc
                                                                                                                                                                                                      • Instruction ID: 0e9f2efba22608341be644d957235f9666539b56a7572d772ce833c2ba7bff9c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 591e12900a8d5d5d70a1d226c9d3306d8246b5d92b78f271e6084077f7742acc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 83410976640500AFCB4A9FA8C904D157BF7FF8C31471A84D4E2099B376DA32DC22EB50
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B5C48 Relevance: 1.4, Strings: 1, Instructions: 119COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: (bq
                                                                                                                                                                                                      • API String ID: 0-149360118
                                                                                                                                                                                                      • Opcode ID: ee04d4f1df83c74fdd3f8761cba26d1e515c9e5384cab35f7e854f610a3f215a
                                                                                                                                                                                                      • Instruction ID: 5ac1aac90df8c2554b67fa8e08cd29fb259cb60a948296636bb361feb7d41878
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ee04d4f1df83c74fdd3f8761cba26d1e515c9e5384cab35f7e854f610a3f215a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7241BE35A012169FCB11CF18C4849AAFBB1FF89324B198BA5D565EB392D730F856CBD0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B4C8B Relevance: 1.4, Strings: 1, Instructions: 118COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: pbq
                                                                                                                                                                                                      • API String ID: 0-3896149868
                                                                                                                                                                                                      • Opcode ID: 6a9e6ac5847a5f07ad75cbd2c9f80746afb53da803a14d27475f88499e528a20
                                                                                                                                                                                                      • Instruction ID: ee001d1ef91f1c19c871cc74183fe023384acbdccc904c572507d9f671cce656
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6a9e6ac5847a5f07ad75cbd2c9f80746afb53da803a14d27475f88499e528a20
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A841E876640500AFDB4A9FA8C954D597BF3FF8C31471A84D8E2099B376DA32DC22EB50
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B54C3 Relevance: 1.3, Strings: 1, Instructions: 98COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: (bq
                                                                                                                                                                                                      • API String ID: 0-149360118
                                                                                                                                                                                                      • Opcode ID: c6dedd2b3fffadb1008e0747519751f784add709e3d24914846f4677aa27d66e
                                                                                                                                                                                                      • Instruction ID: 16862f048850849995d45580ef3cd5f594515f248bdad4c06bd34bcda59d254e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c6dedd2b3fffadb1008e0747519751f784add709e3d24914846f4677aa27d66e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E53136367042925FE7055F68E8506AEBFA3EFC9350B14807AF909CB361CE758C16C790
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048BDE58 Relevance: 1.3, Strings: 1, Instructions: 97COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: 4'^q
                                                                                                                                                                                                      • API String ID: 0-1614139903
                                                                                                                                                                                                      • Opcode ID: 99dcebd38f9acebc3dc4f7cee9488469850118b51df7079747f55fc0d3e39068
                                                                                                                                                                                                      • Instruction ID: 9e33d13dab6dcde7a87cec036f86a9173c03dc2a974b7a4996bd05d9f18d3f21
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 99dcebd38f9acebc3dc4f7cee9488469850118b51df7079747f55fc0d3e39068
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BE31D131B40105DFEB099F50C894A99BBB3FF88310B0545A8EA06DB365CBB1EC53CB91
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B3E80 Relevance: 1.3, Strings: 1, Instructions: 92COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: Te^q
                                                                                                                                                                                                      • API String ID: 0-671973202
                                                                                                                                                                                                      • Opcode ID: 076d7371a1533617c269296f41ac1da422401ff4bc00afe168df9ec7e4f87005
                                                                                                                                                                                                      • Instruction ID: d817074aa1103b36162dcea1fec6fcd3be046f8b2ca81c1136f0f73a5165cba0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 076d7371a1533617c269296f41ac1da422401ff4bc00afe168df9ec7e4f87005
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E12106347042044FD7105F39DC59B9A7BF2AF85710F104566E541DB3E2DF70AC068B91
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280EDC8 Relevance: 1.3, Strings: 1, Instructions: 79COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: Te^q
                                                                                                                                                                                                      • API String ID: 0-671973202
                                                                                                                                                                                                      • Opcode ID: ab1d1d5adee129263551cdb198ed025c0bdcd6f40fc898d42607b448e1cac0a3
                                                                                                                                                                                                      • Instruction ID: 08afea3c772fec74cb58607de441efdc57b3f4c671082315ff40018f806db65e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ab1d1d5adee129263551cdb198ed025c0bdcd6f40fc898d42607b448e1cac0a3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9031D879B40219CFDB54DFA8C998BAEB7B1BF88704F1004A9E506DB3A1CB75AD01CB51
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280D688 Relevance: 1.3, Strings: 1, Instructions: 75COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: \s^q
                                                                                                                                                                                                      • API String ID: 0-4111632511
                                                                                                                                                                                                      • Opcode ID: 5d7310914e553ab9460618489c48b0dbb6196cf4aca7a385900b69dd745afdb5
                                                                                                                                                                                                      • Instruction ID: 5b981df18f3bac96b5b67923fac86650d382848dd5025d8c65bedfa6f6e5e769
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5d7310914e553ab9460618489c48b0dbb6196cf4aca7a385900b69dd745afdb5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C221903A3405248FC794DBB9D884A6A77E9EF89B6571584E9E40ECB3B1DB21DC41CB80
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B3D08 Relevance: 1.3, Strings: 1, Instructions: 72COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: Te^q
                                                                                                                                                                                                      • API String ID: 0-671973202
                                                                                                                                                                                                      • Opcode ID: e5af6346be1e37f5b2239665706ecc17798b7c9e77ee1511909cfe7c1b5fbd5f
                                                                                                                                                                                                      • Instruction ID: fd01e5fcad3460f224c0c94b95c3b7d324ade0c91ade86edaf408eac4ae4bd73
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e5af6346be1e37f5b2239665706ecc17798b7c9e77ee1511909cfe7c1b5fbd5f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5E11D6757401148FDB14AF6DC855BAE77E7AF88714F24441AE501EB3E0CEB59D028BD1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B9830 Relevance: 1.3, Strings: 1, Instructions: 72COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: p<^q
                                                                                                                                                                                                      • API String ID: 0-1680888324
                                                                                                                                                                                                      • Opcode ID: 03fddb510b5eb3de3b3d3f62231be54f6c3439997eaa85841a5c73d6fe046a78
                                                                                                                                                                                                      • Instruction ID: 821c27167bf8d19790d8ca74170b05732456d4432eb4be19e2579367e8d65126
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 03fddb510b5eb3de3b3d3f62231be54f6c3439997eaa85841a5c73d6fe046a78
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A12179B03001489FCB11CF2AC840AAA7BEAAF8A710F1545A5FD94CB371CA75EC51DBA0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B3D18 Relevance: 1.3, Strings: 1, Instructions: 70COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: Te^q
                                                                                                                                                                                                      • API String ID: 0-671973202
                                                                                                                                                                                                      • Opcode ID: 198b21fad2bd4464434feadb94a23b7ae1ca1fa98510950dbda7edd3a051d704
                                                                                                                                                                                                      • Instruction ID: f795d7f35df5bf686bf21da6518690cd61ffa030c53ccad2ac7af3c803b50bcc
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 198b21fad2bd4464434feadb94a23b7ae1ca1fa98510950dbda7edd3a051d704
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7521C031B101158FCB04AF6CC858BAEBBF6AF88714F24045AE502EB3A0CEB1DD018BD1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B40E8 Relevance: 1.3, Strings: 1, Instructions: 70COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: Te^q
                                                                                                                                                                                                      • API String ID: 0-671973202
                                                                                                                                                                                                      • Opcode ID: f5e8781368b42ea85cb93779bb8c9733f05b9c8a5676d16c0e1ed446fab7c9f9
                                                                                                                                                                                                      • Instruction ID: 96b5db6333732c712b983c500d84b84cad6bf5ed91b43d1c4fcbcf57297288e4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f5e8781368b42ea85cb93779bb8c9733f05b9c8a5676d16c0e1ed446fab7c9f9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DD11DD70F401048FE7049B6D8494BBE77E7AFD8B00F244455E502EB3A5DE749D068BD1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B9821 Relevance: 1.3, Strings: 1, Instructions: 70COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: p<^q
                                                                                                                                                                                                      • API String ID: 0-1680888324
                                                                                                                                                                                                      • Opcode ID: 3ea856be33b22a2f803afef1cf1ec37c4f66b57bf7d7d3d69800fd782ed96344
                                                                                                                                                                                                      • Instruction ID: 2f48698f58a2a3e69cf285358d1c16e9458185738d7877eb1549586fddd08ae6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3ea856be33b22a2f803afef1cf1ec37c4f66b57bf7d7d3d69800fd782ed96344
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 502198713001449FCB05CF2AC844AAA3BEAAF89310B1545A5FA98CB361CA36EC52DB60
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02808963 Relevance: 1.3, Strings: 1, Instructions: 58COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: d%dq
                                                                                                                                                                                                      • API String ID: 0-2367018058
                                                                                                                                                                                                      • Opcode ID: e6e6c032e444add7e963628ba3932399801301a7aa08b662f3dd9c7c1e2cd318
                                                                                                                                                                                                      • Instruction ID: fdea2aeb8463d2c6e6c8817abb99f5fc7df68e06eeab21fb68f02556164c32c3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e6e6c032e444add7e963628ba3932399801301a7aa08b662f3dd9c7c1e2cd318
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7311B138600604DFD754DFA4CC98B6A77E2BF84704F2584A4D4059B3E6DB75DC84CB90
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02801B98 Relevance: 1.3, Strings: 1, Instructions: 50COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: 8bq
                                                                                                                                                                                                      • API String ID: 0-187764589
                                                                                                                                                                                                      • Opcode ID: a3febaf2bf9d692f87b629a3c6941dc3ca63dbc86be05f2a412141eb38b9f798
                                                                                                                                                                                                      • Instruction ID: dff2471e28f7e4c29b00871d9f62218a82d59d113d23789a8c34df1c838756c4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a3febaf2bf9d692f87b629a3c6941dc3ca63dbc86be05f2a412141eb38b9f798
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2F01D23C3406009FE3449B7DD9D8B9A3BD6EBC4329F1401B9D20AC7AE9DBB59842CB40
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0492005B Relevance: 1.3, Strings: 1, Instructions: 46COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083483778.0000000004920000.00000040.00000800.00020000.00000000.sdmp, Offset: 04920000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_4920000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: 4'^q
                                                                                                                                                                                                      • API String ID: 0-1614139903
                                                                                                                                                                                                      • Opcode ID: 1c23bedf264baa749152a51c389c30cc6e72bb5551b3ed2df764b6ea2b181617
                                                                                                                                                                                                      • Instruction ID: ca629ae5b16db8bcffaa03cf7521ee37d554eeb067fb310c6266c4fc495daa34
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1c23bedf264baa749152a51c389c30cc6e72bb5551b3ed2df764b6ea2b181617
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 90017D32B88271CFD72A0924652852DBBF6AFC265431D84FFDB41C7246EA158C06C341
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02801BA8 Relevance: 1.3, Strings: 1, Instructions: 46COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: 8bq
                                                                                                                                                                                                      • API String ID: 0-187764589
                                                                                                                                                                                                      • Opcode ID: 4a30c2f0fefd764261312cc2854373c311cbc9b614d198ecbd709001fa354d79
                                                                                                                                                                                                      • Instruction ID: 40bf8562f303acaf5dc250c8b6819c47f23e5774a04f3621697bfeab060c1c34
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4a30c2f0fefd764261312cc2854373c311cbc9b614d198ecbd709001fa354d79
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 41018F3C3406009FE345A66DE9D8B5A77DAEBC4325F1444B5E20AC7BE8DBB49C828791
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B3EF0 Relevance: 1.3, Strings: 1, Instructions: 38COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: Te^q
                                                                                                                                                                                                      • API String ID: 0-671973202
                                                                                                                                                                                                      • Opcode ID: 401884dff2414e256c24f7db9c5a56b4c1d24682dc27d4f61ba6b585904af4e3
                                                                                                                                                                                                      • Instruction ID: fc4825e7710c5724e95e39dd3e8ec31d4d0ab8b9e424ac0e1b0b497c24a9fbff
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 401884dff2414e256c24f7db9c5a56b4c1d24682dc27d4f61ba6b585904af4e3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 56014F307042198FDB04AF68DD1DB9E7BB1AB48741F100924E402EB3A5DFB4A8458BD1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 028027EF Relevance: 1.3, Strings: 1, Instructions: 28COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: TJcq
                                                                                                                                                                                                      • API String ID: 0-1911830065
                                                                                                                                                                                                      • Opcode ID: 61981b0e15011187e670c2cabd121535b0b1bbe1e7f8516d6eb6f3dc3636da8e
                                                                                                                                                                                                      • Instruction ID: 3985fc47d77b9496455aa1a81b25d9f3326ddaea937fe8985b35d0b1e8cf41f6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 61981b0e15011187e670c2cabd121535b0b1bbe1e7f8516d6eb6f3dc3636da8e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 33F09634600109AFD704DFA5D458B5DFBF2BF85304F180059E4059B3D1CB74AD05CB81
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02808FC7 Relevance: 1.2, Instructions: 1217COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 772b63c71dcbd317fdea8638ac93da993fee5a6a7b34213b26fa9cd2de983c2f
                                                                                                                                                                                                      • Instruction ID: ec65c20590ce458e6f04287ebe7fad72a25bdc87a7ac01bcb96e304b50f48cc1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 772b63c71dcbd317fdea8638ac93da993fee5a6a7b34213b26fa9cd2de983c2f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 96C2F37A210510EFDB4A9F94D948D55BFB2FF4D32470A80E8E60A9B272C736D865EF40
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805338 Relevance: .3, Instructions: 310COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 98992d3fc2624da85d55802980d089cb572da82b89f40d09f3bbbf52f099263b
                                                                                                                                                                                                      • Instruction ID: e6b8641bc43f58ad3e204a10618f28fc315926ca251d1ff523ec4e99db3fe9be
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 98992d3fc2624da85d55802980d089cb572da82b89f40d09f3bbbf52f099263b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9BC19B5219CAC35EE3634AB8AC74BD6BF989F43234F1943C3D5E45D8E2D3AC11C29266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805892 Relevance: .3, Instructions: 304COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 8e58060ab79c29cfff4608528beb7964fd4a688b1dec8532020e37d7ce567abf
                                                                                                                                                                                                      • Instruction ID: 9eaeb38d60cd55ceefc6689d876e71ab055b616b0b0a3cc78e451343558deee0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8e58060ab79c29cfff4608528beb7964fd4a688b1dec8532020e37d7ce567abf
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8AC1985219CAC31EE3634AB8AC75BC6BF988F43234F1943C7D5E45D8E2D3AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 028050AD Relevance: .3, Instructions: 304COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 92c5de41a263392ebf1d9c2740d5295e82c2b38a66cee4b68224b7d9e29c5f91
                                                                                                                                                                                                      • Instruction ID: fa5f84baff712b717df6c5ce23022dc81b3cab0eaa83e4ee2bdf8d278b845a2e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 92c5de41a263392ebf1d9c2740d5295e82c2b38a66cee4b68224b7d9e29c5f91
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 13C1985219CAC31EE3634AB8AC75BC6BF988F43234F1943C7D5E45D8E2D3AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 028057C3 Relevance: .3, Instructions: 303COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 7410e6faed6b456b83f4d493bfd7380d2549ceb946cb9415355cf61f9763111d
                                                                                                                                                                                                      • Instruction ID: 4f8fbbe5c12b8eee00cc083a3db1e8dcae94708ed1c532317b629bdb874b06a6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7410e6faed6b456b83f4d493bfd7380d2549ceb946cb9415355cf61f9763111d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DBC1885219CAC31EE3634AB8AC74BD6BF988F43234F1943C7D5E45C8E2D3AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805569 Relevance: .3, Instructions: 303COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 8718b82ee8ccd28bcd63063e7d7f56a5bf0b6dcc8e724d3b49e0da93ca39c844
                                                                                                                                                                                                      • Instruction ID: a9bb54d32543d69ffc90cd93297794195e35006c8c99afab1b74e1a27a0a72bb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8718b82ee8ccd28bcd63063e7d7f56a5bf0b6dcc8e724d3b49e0da93ca39c844
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A0C1885219CAC31EE3634AB8AC75BC6BF988F43234F1943C7D5E45D8E2D3AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805141 Relevance: .3, Instructions: 302COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: a7ff5f05a3d6da58ed2b3ab604c86184eedd48348ce8a786e60f7cbf986f7a73
                                                                                                                                                                                                      • Instruction ID: 39d0cb8e5e06f3588444e6188b1a58e59f610854ae908865c9fe6d1b1d5410c5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a7ff5f05a3d6da58ed2b3ab604c86184eedd48348ce8a786e60f7cbf986f7a73
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EEC1885219DAC31EE3630AB8AC74BC6BF988F43234F1943C7D5E45D8E2D3AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805D35 Relevance: .3, Instructions: 302COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: edf06852a0809fe168dc7562b2efa2e1b648b84c65eb0c9d5ebaa07d9451d661
                                                                                                                                                                                                      • Instruction ID: b1c0d363077bc50c69094b0959135a1ea5c74c15f9f7b29f3216d913f3cfb822
                                                                                                                                                                                                      • Opcode Fuzzy Hash: edf06852a0809fe168dc7562b2efa2e1b648b84c65eb0c9d5ebaa07d9451d661
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 74C1885219CAC31EE3630AB8AC75BC6BF988F43234F1943C7D5E45D8E2D3AD11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02804F1C Relevance: .3, Instructions: 296COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 761516b4fd6a81f78e19bf606436185109e62c1b81a426bc4f7484bdeef61d71
                                                                                                                                                                                                      • Instruction ID: b649313cf57e8c0359a2a172cdd662b8ee3d89bb20f19a6ada63bdd6e93baf4b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 761516b4fd6a81f78e19bf606436185109e62c1b81a426bc4f7484bdeef61d71
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 68B1775219DAC31EE3634BB8AC75BC6BF988F43234F1943C7D4E45C8E2D2AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805A54 Relevance: .3, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 75e85b9781504787781242fb9cb76f6b26d4f8477e0515980d2021c816cb7182
                                                                                                                                                                                                      • Instruction ID: 7692d0b53ffab17208d9dc7c297fcb99766952d3bd6ea5ebd6a84615017d9488
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 75e85b9781504787781242fb9cb76f6b26d4f8477e0515980d2021c816cb7182
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 02B1765219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805B87 Relevance: .3, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 7a41f5ab0e54c650c7c13ac7fb91d931d231a860bf7fa41f5a220ec40b4713f0
                                                                                                                                                                                                      • Instruction ID: bea15f15dfdcb11620fc40a189bdbeacac3ce8d0ee3fcc2e9f5804516a40f905
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7a41f5ab0e54c650c7c13ac7fb91d931d231a860bf7fa41f5a220ec40b4713f0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A8B1765219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45D8E2D2AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 028053BF Relevance: .3, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 459f4466069006537d2c7de485365a8d8a09255baae68cbf94b3eb166d539fdc
                                                                                                                                                                                                      • Instruction ID: ecdac2cca36f11defc79483912822038d4f20aa93e7968016623068792e00a9b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 459f4466069006537d2c7de485365a8d8a09255baae68cbf94b3eb166d539fdc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6EB1775219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AD11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805003 Relevance: .3, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 13c4db5ed05899ade8094467924bd3e834e9bb559e77a992e3e28cdc25cc1830
                                                                                                                                                                                                      • Instruction ID: e1d573676c462f36d3488fe2c64148bd086908062ae1375eeee208869d4f54f2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 13c4db5ed05899ade8094467924bd3e834e9bb559e77a992e3e28cdc25cc1830
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A1B1775219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AD11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805025 Relevance: .3, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: e7d7979a25f92e4c8525b4d384cd7f0bc93de4a80cf65151e98d381ca81c4c6f
                                                                                                                                                                                                      • Instruction ID: 63beb1f5cd0836293a7cb2227385db67d1af063ed163089499e7769552ae3ccc
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e7d7979a25f92e4c8525b4d384cd7f0bc93de4a80cf65151e98d381ca81c4c6f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 21B1865219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805047 Relevance: .3, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 4aeea356911c240db5cf9b7544a4facf0fe19539bacfc1fa3bec131e4643a759
                                                                                                                                                                                                      • Instruction ID: d5792fd89e775043cff69d2a1388d973479ee72eaa0cad503f5c3a6a5712322f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4aeea356911c240db5cf9b7544a4facf0fe19539bacfc1fa3bec131e4643a759
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 64B1775219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805069 Relevance: .3, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 8d3c8c76404bae9a3e0f2d3b803c2d777c58fe01271ec318bfcd284e798b327f
                                                                                                                                                                                                      • Instruction ID: b9b81e03d159095db869d13749be3590706996ad7377ade13c754091c2ba6661
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8d3c8c76404bae9a3e0f2d3b803c2d777c58fe01271ec318bfcd284e798b327f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A2B1875219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02806076 Relevance: .3, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 78960c7b20f6e0256765d73dcb785b46528f0920351c9942641f3a05f8b8e7c7
                                                                                                                                                                                                      • Instruction ID: be23276e5caa160b750c6d4c236c00a3e7467b0885cda65fc23372efcf6c22db
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 78960c7b20f6e0256765d73dcb785b46528f0920351c9942641f3a05f8b8e7c7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 74B1765219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AD11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280617D Relevance: .3, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: de1368f384b761c7c1e0bb76c316383d450bed43e147312d7cdcf34e7c321e15
                                                                                                                                                                                                      • Instruction ID: c50841e8f64641bfaac9d8d76587f4341f41dc5345afde13d4d698396d8a9db1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: de1368f384b761c7c1e0bb76c316383d450bed43e147312d7cdcf34e7c321e15
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E3B1775219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805696 Relevance: .3, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 360e1b443fbe4c0d377e2ee690121e47fba1ee3e267272b188bc2b025c2263eb
                                                                                                                                                                                                      • Instruction ID: 4c792d0928609c3a18ca6bdac04699b39dd94741ab83ac0f2f7789b966ca31e8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 360e1b443fbe4c0d377e2ee690121e47fba1ee3e267272b188bc2b025c2263eb
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 19B1775219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AD11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805FBB Relevance: .3, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 27bd221eb8862b0a3201880ba96c7d6fe38b1a6e9de8cba165818d65b63c1609
                                                                                                                                                                                                      • Instruction ID: 4170617e8bae3cc3eb0a81ce9147ef5c51afc01728649850eef69d5e6790ab39
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 27bd221eb8862b0a3201880ba96c7d6fe38b1a6e9de8cba165818d65b63c1609
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F1B1775219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805F56 Relevance: .3, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 423df9bd3c5310c4ab84871f3ce7fb61c0f469344c286869ab96a4f5b7860959
                                                                                                                                                                                                      • Instruction ID: 08b8bee2bc9b5d82bb634d11c7e10c45a90ef5f69f598c61da810fef9da7d721
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 423df9bd3c5310c4ab84871f3ce7fb61c0f469344c286869ab96a4f5b7860959
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 70B1775219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AD11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805779 Relevance: .3, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: ab3eb3adcf14bb1eccd2edde532f22a0cdc0b78773a4e8c738fa83d440962154
                                                                                                                                                                                                      • Instruction ID: b58fe98927a5355b74710bdcbe284c498e4228ce1d40e8818fb5f8fc048dce8d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ab3eb3adcf14bb1eccd2edde532f22a0cdc0b78773a4e8c738fa83d440962154
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 38B1775219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280542A Relevance: .3, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 20d0764dff61ef7194c74e3d37e8eff5a3528b7a6da3d9211958f29eaf48d2f0
                                                                                                                                                                                                      • Instruction ID: 622248d22094eddcee9b8540f73a4fda90a9f100cfd78203e1763b46f0245e03
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 20d0764dff61ef7194c74e3d37e8eff5a3528b7a6da3d9211958f29eaf48d2f0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FAB1875219DAC31EE3630BB8AC75BD6BF988F43234F1943C7D5E45C8E2D2AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 028055F9 Relevance: .3, Instructions: 294COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 627248b76649e9d5768fda3fc301dcd178459ce3fea6399c182b24dbcb8ec0ce
                                                                                                                                                                                                      • Instruction ID: a4ffea217506d086cfad908ce51ad021cf31fb75faffd39fa7ec213e536cdcd1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 627248b76649e9d5768fda3fc301dcd178459ce3fea6399c182b24dbcb8ec0ce
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 45B1775219DAC31EE3630BB8AC75BC6BF988F43234F1943C7D5E45C8E2D2AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 028052B8 Relevance: .3, Instructions: 293COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 52537cf4d3e579a6ef4928185d176a8dd9e7886bfee0816d75473198fec5a8e6
                                                                                                                                                                                                      • Instruction ID: 7a8b77b06f47f4ab838b9ba95b8f945c1fc496b956622b2618a1a6571ebf9b96
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 52537cf4d3e579a6ef4928185d176a8dd9e7886bfee0816d75473198fec5a8e6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CCB1774219DAC31EE3630BB8AC75BD6BF988F43234F1943C7D5E45C8E2D2AD11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02806162 Relevance: .3, Instructions: 293COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 97f7b32fdb79f77ad480cdd057319b28463a0bb67dc3fb70fcf3fd68df67c74e
                                                                                                                                                                                                      • Instruction ID: 7780ed60f9aa535b48fb2ce1d847924c46b12aa6537c191d2704faacf7286f30
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 97f7b32fdb79f77ad480cdd057319b28463a0bb67dc3fb70fcf3fd68df67c74e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 32B1774219DAC31EE3630BB8AC75BD6BF988F43234F1943C7D5E45C8E2D2AC11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02805DBF Relevance: .3, Instructions: 293COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 6b9c534d40d3cd4c00185c4bc72ddb4dae2720700cd3efd46866016a1aa5e36b
                                                                                                                                                                                                      • Instruction ID: eb52e27ae6ec987a701085703b2f5ef44e15312e984bf5e0df75e70771acd9a3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6b9c534d40d3cd4c00185c4bc72ddb4dae2720700cd3efd46866016a1aa5e36b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3CB1874219DAC31EE3630BB8AC75BC6BF888F43234F1943C7D5E45C8E2D2AD11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02806238 Relevance: .3, Instructions: 280COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: d87a5f92765136c66f80ff36eb8267aeaa6743cdb129d74013b9a2b1daad3b11
                                                                                                                                                                                                      • Instruction ID: 58542bffd817c96c5aab18d1af3e78986f91e1baa169966bda892a247831e276
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d87a5f92765136c66f80ff36eb8267aeaa6743cdb129d74013b9a2b1daad3b11
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9CB1785219CAC31EE3630BB8AC75BD6BF888F43234F5943C7D5E45C8E2D2AD11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B6358 Relevance: .2, Instructions: 245COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: b9258996756b577b4a2841fe404522351e6488db529b90d442abbcbb7c3e7f95
                                                                                                                                                                                                      • Instruction ID: 3740e164f250909554133ed43a21fadd834c920732dd694121a688d1f10dbb85
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b9258996756b577b4a2841fe404522351e6488db529b90d442abbcbb7c3e7f95
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 98918A35A016049FEB04CFA8D558AEDBBB2EF88310F148969E441E7390DB75ED52CB91
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048BB969 Relevance: .2, Instructions: 241COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 4275a2c791728fa15e5fc5d9e76070c3c2eee5b5b788a0a7f7f615121d6bc7e7
                                                                                                                                                                                                      • Instruction ID: b62fd5731e4d086746f92ef86e81ed7c6b836082553adc879410a3e75f3b6532
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4275a2c791728fa15e5fc5d9e76070c3c2eee5b5b788a0a7f7f615121d6bc7e7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4C915635A40618CFCB15DF68C494A9EBBF5EF88300B1589A9E856DB761DB30FD42CB90
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B9953 Relevance: .2, Instructions: 232COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 1530424b1734d07b3b0d7ef89919e31191279ad985e9247357901baef6017c98
                                                                                                                                                                                                      • Instruction ID: 52960de338b9fff5260f8f3c8b787925c9294a25af7078acb4d0abc62cb73dfe
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1530424b1734d07b3b0d7ef89919e31191279ad985e9247357901baef6017c98
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B8A15E71E009298FDF11DFA5D8406EEBBB1BF48700F148A54D991E7388D778AA52CF91
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 028062A8 Relevance: .2, Instructions: 231COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 18c599bb98cac92e40f8bf09cbfaa5ec5041096f02340c9f38a2987901bd0a87
                                                                                                                                                                                                      • Instruction ID: 81ff731aec63a66bc04db851c8f69dbd66de3a6ac84f2064f642f5f0b6f8f3e7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 18c599bb98cac92e40f8bf09cbfaa5ec5041096f02340c9f38a2987901bd0a87
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8881585219CAC31EE3630BB8AC75BD6BF888F43234F5943C7D5E45C8E2D2AD11C69266
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02801F8A Relevance: .2, Instructions: 225COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: beb87ad009edd31a025c08e82250ea10eff6a28a2b8c0ecdd9845765469878e6
                                                                                                                                                                                                      • Instruction ID: 0038a0007f755a3ccd15e363eb1015a9872093cd71f65a7b6dd32a67f4b9a407
                                                                                                                                                                                                      • Opcode Fuzzy Hash: beb87ad009edd31a025c08e82250ea10eff6a28a2b8c0ecdd9845765469878e6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D391607C604508DBE780CB54DCCCBAAB7B2FF84319F188561D409DBAD8D7B8A985CB51
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B13A8 Relevance: .2, Instructions: 206COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 37b6385e161345136a8285d74c1bf496fd5c8d3ba207ffed47f964c944ca57de
                                                                                                                                                                                                      • Instruction ID: b4d921cb096aced84dc0e24c736fe32527536fed153ecdbeda357dc6486e88c5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 37b6385e161345136a8285d74c1bf496fd5c8d3ba207ffed47f964c944ca57de
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 42815A35A00609DFCB14CF59C498AEAB7F5EB48344F148A2AE486DB751E734FD81CB91
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280F050 Relevance: .2, Instructions: 192COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 49ad9137f5788e381125c42e13fc5be77e71034c5c231afd3aaa376794e34acf
                                                                                                                                                                                                      • Instruction ID: aea51b25cc916ed09af9bf355fdad3edaebc4c5fc4a813586a32bac7a5dc864a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 49ad9137f5788e381125c42e13fc5be77e71034c5c231afd3aaa376794e34acf
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1F510A3DB045054FC7A69BB88C5066E7BE6AFD5610B54C2A7C209DB7D1EF219C02C7E2
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 028042C0 Relevance: .2, Instructions: 167COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: f40ed42e13709309ad523c3fa675612346c343645f5bc468b46975454cec3d8d
                                                                                                                                                                                                      • Instruction ID: 4d3e350325403c8029a4ce395ea93d0dcbc4880aaa35cc735071d2ed19233b15
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f40ed42e13709309ad523c3fa675612346c343645f5bc468b46975454cec3d8d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D551D33C784618CBE7A0CE56DCC47AA73E2EB46308F158576DA09CBAC8D7B8D984C745
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280F8B0 Relevance: .1, Instructions: 149COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 3b5862dda74b72d747bff9c732a86b362c857b1cc28e5aa7201bdb53403d9b18
                                                                                                                                                                                                      • Instruction ID: 642dd17e9e885e0174043e6e4f3f763d99c8f12a8853dde99a9e2b1eb9120cea
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3b5862dda74b72d747bff9c732a86b362c857b1cc28e5aa7201bdb53403d9b18
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 18515C3CA04604CFD7B48F2AC8847A6B7F5FB95304F10896AD646C7AE4DB74A585CB42
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048BE9B8 Relevance: .1, Instructions: 143COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 04b0461d8872c0e0219831b722388bd628808d8b0f8b619ba303c755d0a282f9
                                                                                                                                                                                                      • Instruction ID: 37f3d805c59b09c9bca959b3d6e747d51253f2e13d80d7e94042b0d066ef31e3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 04b0461d8872c0e0219831b722388bd628808d8b0f8b619ba303c755d0a282f9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0651AE34B00609DFDB04EF64E898AAEB7B6FF88711F008519E502973A0DF74AD56CB91
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280BA13 Relevance: .1, Instructions: 135COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 031d298d84391dd79b3c07fb07f60efdad6073d9e92366963583d5a03f1f789c
                                                                                                                                                                                                      • Instruction ID: 3aa54354c2fcd54f5d23d6d45633393acc17ecf8b55b2766de2536bb47ff95f9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 031d298d84391dd79b3c07fb07f60efdad6073d9e92366963583d5a03f1f789c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7B41073DA052488FD7859B74DCA47AE7BF2AB89318F1440A6D005DB3DACF788C45CB52
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280BA20 Relevance: .1, Instructions: 133COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 67b24057dbb7234807e85d51d3244ea6c3fdeda57140e212725b3fef3e020aa3
                                                                                                                                                                                                      • Instruction ID: e3db4bc41b9abf6ea0d678129ff7c8cac04c3c92822c8b041cbd4c5d606b9656
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 67b24057dbb7234807e85d51d3244ea6c3fdeda57140e212725b3fef3e020aa3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3141033DA042488FD7819B75DCA479E7BF2AB89318F1440A6D005EB3DACF789C85CB52
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B1399 Relevance: .1, Instructions: 129COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 3bc3fa83b4d88d14f0c34ac7835fb7236699f477ab82258321b70d315e411f63
                                                                                                                                                                                                      • Instruction ID: 06c15aa0338cce5e70127e1656ea8c69ad453a5e75ce265037fe7224663af3bb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3bc3fa83b4d88d14f0c34ac7835fb7236699f477ab82258321b70d315e411f63
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D3513A75A00209DFCB10CF99C498AAAB7F5FB48350F148A2AE596DB750E734ED80CB91
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280B808 Relevance: .1, Instructions: 125COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: eb0c3d397246288ac50a5605a2a28302f188940a32705d610d448947c67064d7
                                                                                                                                                                                                      • Instruction ID: 817acfae207d69f74ae61f744ba1e04c67e78a430461d6b2f3b274362db9ac4f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: eb0c3d397246288ac50a5605a2a28302f188940a32705d610d448947c67064d7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CC41B03CB006059FE784DB29C88476AB7E3EB89359F5480B9C109D77E8DBB49D86CB41
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280E490 Relevance: .1, Instructions: 120COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 6592fbf1e69fd9e90a37d0af8c513ee34b5844ef1e01c30edf1c63a0d7e7f53e
                                                                                                                                                                                                      • Instruction ID: 3d74ac88dccd2f2597d4da166674b0d1c7793d12a6cf22e78435bdb4756a58d1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6592fbf1e69fd9e90a37d0af8c513ee34b5844ef1e01c30edf1c63a0d7e7f53e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 97312935A092648FD7514B398C9426FBFE69F82200B19C8EAE058CB292CB75CC0AC790
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280B818 Relevance: .1, Instructions: 119COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 4800a94866bf34cc7300fbc3c9a6bebaa850f8d5b23488ecb0f744131e4981ca
                                                                                                                                                                                                      • Instruction ID: 3125eaef5f85ebe69b60f9488e92896bab2980e9657e5d39fe5691c838f52065
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4800a94866bf34cc7300fbc3c9a6bebaa850f8d5b23488ecb0f744131e4981ca
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7B41D03CB005059FE784DB29C88476A77E3EB89359F148079C109D77A8DB749D86CB41
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02807848 Relevance: .1, Instructions: 117COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 2fc13949155cd71fde9623c9f0e92565914f2d3be2d314d00682a170761080c1
                                                                                                                                                                                                      • Instruction ID: ffd4e6ed4c8a4fc599eac014f30cbe2f2b76234eb4b1b378e2d04c3d02d0d91c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2fc13949155cd71fde9623c9f0e92565914f2d3be2d314d00682a170761080c1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C5416D3CA04208DFD754DA59D8C0BAAF7A2EB84305F15C0B5C119D77A5E374AD86CB8A
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280F041 Relevance: .1, Instructions: 110COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 0e936d3115da870fcdc6577ba1f5b38209a41ea7b7ee58b28f696da5b5d69f09
                                                                                                                                                                                                      • Instruction ID: 60746207d07843da3301eac533213e376d169f849bde09b9fef64cb774f8eb48
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0e936d3115da870fcdc6577ba1f5b38209a41ea7b7ee58b28f696da5b5d69f09
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0131E63DB045058BDBF5AAB48C9027D2A96AF94254B45C16BC70ADB7C0EF258C0287E2
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B6800 Relevance: .1, Instructions: 102COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 5b2ff6ea604d34794be1ea145ab43bdd4413200942df85e5c010c1eade8493e8
                                                                                                                                                                                                      • Instruction ID: 18b77cf4952106a57dbbdada0fbd4b282aba43a2804f129c6424f10e67417c32
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5b2ff6ea604d34794be1ea145ab43bdd4413200942df85e5c010c1eade8493e8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BC418B31A006168FDB14CFA4C8406FEBBB1FF88344F00896AD599E7360E774A945DB92
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02801E00 Relevance: .1, Instructions: 100COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: fe51062343430d3d6918e803a32dddf03770eab3a3532d872f23c28abb3035c6
                                                                                                                                                                                                      • Instruction ID: 89dcd9c7f9cb71f871141ec4c07b58da0b1253d6ff6246d8cd98f6358ca6ef81
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fe51062343430d3d6918e803a32dddf03770eab3a3532d872f23c28abb3035c6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 273149392085419FE3519B29DC54767BBD7EB86320F0541F6E14DCB6D6C7B8AC41C381
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280C2C8 Relevance: .1, Instructions: 98COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 2c6b3e5c6f24def61c8c9865539eb16beebfa2532407e2beabe4aafb2f76e1e1
                                                                                                                                                                                                      • Instruction ID: 1abd5b11d924f1dee448801ade76369f30a168b8f9ef2bb4284272d529178d78
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2c6b3e5c6f24def61c8c9865539eb16beebfa2532407e2beabe4aafb2f76e1e1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CE418074A00209DFDB40DFB9D8845AEBBB6FF88301B1441A9D506E73A4DF759A06CB91
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02803F81 Relevance: .1, Instructions: 94COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 33061f647442c693a52aa210d5850d96f5dfa5a9e71f4e01d81d5916045f12f0
                                                                                                                                                                                                      • Instruction ID: bb0419840a1a21916b6ada67c2d8ec451110bc308d95296fac53d648617b6d3e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 33061f647442c693a52aa210d5850d96f5dfa5a9e71f4e01d81d5916045f12f0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2D316DB8A04204EFD780DB59D8D4B6AF7F2EB84315F1084B5D505DBBD4C7B59885CB81
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280F7A0 Relevance: .1, Instructions: 94COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 2dd6a952d79431bc943fb31a98866c01451cac901d9b8d7f879e0a8ca7be3803
                                                                                                                                                                                                      • Instruction ID: 953d619154e8b05dbd869081c1d1afa8d03643a561dfb7630ce80863b61df7df
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2dd6a952d79431bc943fb31a98866c01451cac901d9b8d7f879e0a8ca7be3803
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1E21F63E6082445FE7F089799CC43EA7799EB60358F24C93AE64AC2EC0EF64E444C756
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02803F90 Relevance: .1, Instructions: 92COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 4a1b7d69af34370215b0a1577cb5332875e985fdd4c77379b1ce31156856ddc3
                                                                                                                                                                                                      • Instruction ID: 08633924243afb8bd18d1f7968d0ca09d5975a430011b2ff66c5138b0264bb82
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4a1b7d69af34370215b0a1577cb5332875e985fdd4c77379b1ce31156856ddc3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 46318EBCA04204EFE780DB59D8D4B6AF7B2EB84305F1484B5D605DBBD5C7B59888CB81
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048BF758 Relevance: .1, Instructions: 88COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: c6fdb4b31c9199cdcf7050e53f189614f1d92d191fe74cff6f496acba6a9b3cc
                                                                                                                                                                                                      • Instruction ID: d0bdf75c7651c0899b534823ba7a0461931301f4938b38c3b87a628af464a7ee
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c6fdb4b31c9199cdcf7050e53f189614f1d92d191fe74cff6f496acba6a9b3cc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FD21F8323002508FE3248B69EC44A96B795EFC432571589BAE74DCB652DB30FC82C794
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B9061 Relevance: .1, Instructions: 88COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 6339dd2d7cfce2892046d81912df66ca4099de26d457893f667ca79526f53d2a
                                                                                                                                                                                                      • Instruction ID: 6c9d6cd825e1f77ed93807514661e1f0af9a044686ba4fefe1eaaca00a711204
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6339dd2d7cfce2892046d81912df66ca4099de26d457893f667ca79526f53d2a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2E319C30B007018FD725AF65C8985AAB7B6FF85305B148E6CD9868B3A4DF75EC46CB80
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B5633 Relevance: .1, Instructions: 84COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: ce71685800240c5fbff539e102cc2da0525578dba710ca235b2bce806325fff2
                                                                                                                                                                                                      • Instruction ID: 786e32b25ad3ebaeae3595b3857b2137b8b1fd4202a215bb7ecc6c410df4c939
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ce71685800240c5fbff539e102cc2da0525578dba710ca235b2bce806325fff2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 17317071200B019FD725CF2AD584396B7E2AF84354F148F2DD496C77A5EB70E9498B80
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02801C50 Relevance: .1, Instructions: 79COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: e6952b50670800c5d681e8da9bc26a522372bf5ff9dfb85ce2fd92539fca50cf
                                                                                                                                                                                                      • Instruction ID: 94bbf2540fbb282ad6683fee9a27926b4e412e8bdea7356cae5ba510cc2d5c94
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e6952b50670800c5d681e8da9bc26a522372bf5ff9dfb85ce2fd92539fca50cf
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 35314E78E006099FEB44DFA5D8486ADBBB2EF85304F4484B5D409A7394DB789945CF50
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B8138 Relevance: .1, Instructions: 77COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 62b8204b2b6aa8800499459799a381304ed956a86826e502da968dab72cf7332
                                                                                                                                                                                                      • Instruction ID: 3dfe3ee4821a42df50863230b8c363597892432fe98005bddbc4dce24793dd41
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 62b8204b2b6aa8800499459799a381304ed956a86826e502da968dab72cf7332
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AC21D235F022198FAB10AEA9DC444FEB7B9FB802657104E76D565D7344EB70EC15C7A0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280C3B8 Relevance: .1, Instructions: 77COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 1c26980011be80c0bad4a48e79acffa0bc02e586ea7574e68a2de4c0b36f3c8f
                                                                                                                                                                                                      • Instruction ID: 463b2544b35bd8e24a06d24e04a7db3c9fe102ae5fd653b605c3b84b02067575
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1c26980011be80c0bad4a48e79acffa0bc02e586ea7574e68a2de4c0b36f3c8f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EE210038A042099FCB55DFB8D84027D7BF4EF45304B2491EAD40ACB292DE39A942CB85
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280257C Relevance: .1, Instructions: 77COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: e2ce37e4f611caeda6f21a3769485056a15affe00384c1505922cc1aa18a7403
                                                                                                                                                                                                      • Instruction ID: 546b344d0ab8c5eb9301eaa1ae60c43f02ee408bc00dea67732a8398e3e089bf
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e2ce37e4f611caeda6f21a3769485056a15affe00384c1505922cc1aa18a7403
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EC31633C900514CFD780CB5CD8E8BADB3B2FB44314F5585A1E815AB6E8C7B4AD45CB44
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B8F90 Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 42adee9743b579cf76490d33cc41f79bc709236849cb6a48214ad6bc0cb0ae8d
                                                                                                                                                                                                      • Instruction ID: 5a44409c58b9d3a9938a44ff24d3566fce42fae5429c4c52ee9a162e41b0197b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 42adee9743b579cf76490d33cc41f79bc709236849cb6a48214ad6bc0cb0ae8d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9B214871A00209DFDB10EFB8C504BEEBBF5AB44344F108566DA99DB390E634EA42DBD1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02801C60 Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 3f2ec28d7a6f0e2b8ea95d58d5f66110b623c73c5466ef7f49c4fefe573a2940
                                                                                                                                                                                                      • Instruction ID: 172e363e6fc052d6240ba60630e7316f5ef7b55ae39419521b3cedf031181c5f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3f2ec28d7a6f0e2b8ea95d58d5f66110b623c73c5466ef7f49c4fefe573a2940
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9C314A78E00609DFEB44DFA5D8886AEB7F2FF88305F408469D409A7394DBB89A45CF50
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B3B29 Relevance: .1, Instructions: 74COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 1e7165ea11742d61e12108e316506e41edc93104470ee6a0006b22305b619da9
                                                                                                                                                                                                      • Instruction ID: ccabb10028142b4d4c213a0610520152728f775cd8b01f9f263413f55e313cbd
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1e7165ea11742d61e12108e316506e41edc93104470ee6a0006b22305b619da9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7E21BD75A00604DFDB04DFA5C5486EDBBF2EF88314F208669D846E73A0DB75AD86CB90
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B53D0 Relevance: .1, Instructions: 73COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: a325cba7af9b9ffef572969117cf8eaa4d1093994990ee87fec80f9d3c045156
                                                                                                                                                                                                      • Instruction ID: f40e22f6e4b0b40fa72ad729115a9b5c0411de1bdb96d81658cb52b25ae8faf4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a325cba7af9b9ffef572969117cf8eaa4d1093994990ee87fec80f9d3c045156
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FA219C71E00119EFDF05DF64C4489DEBBB2EB8C721F248629E411AB3A0DA759C86CF90
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B3B38 Relevance: .1, Instructions: 71COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: c3eb3a5c7e4eaa1a44f3def412f29b5c1903cfacc5bb0d773947b432460b312e
                                                                                                                                                                                                      • Instruction ID: 19028e13fa4ad9652550424101c70e689b62d12c3c7e2406f748fc7b2417ff2d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c3eb3a5c7e4eaa1a44f3def412f29b5c1903cfacc5bb0d773947b432460b312e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: DE214670A00609DFDB04DFA4C958BEDBBB2EF48314F104669D846E73A0DB75AD85CB90
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048BCC00 Relevance: .1, Instructions: 69COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 6b408d0cd974a7007f32367b510850c3fe5bbde135d25f8d2b759a85de7681c3
                                                                                                                                                                                                      • Instruction ID: e5ff63984d005333440241537be99b0beed2fe87cdaf7b9de334529616157d19
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6b408d0cd974a7007f32367b510850c3fe5bbde135d25f8d2b759a85de7681c3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F721F771A00109CFDB05DF98C654ADDB7F2FB48304F104AA9E445BB3A5D775AD44CBA0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B6808 Relevance: .1, Instructions: 67COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 5be82d9ff8418ec7e20ddae8098c3c72c1354a5c58b6dc5392b86450afb91a7c
                                                                                                                                                                                                      • Instruction ID: 7c8ceb03a3fcd1067465aaab81b0a5836360a219b4f706cf600705ad8a110c38
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5be82d9ff8418ec7e20ddae8098c3c72c1354a5c58b6dc5392b86450afb91a7c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 73217C70A006158FCB14DFA5C844AAEB7F1FF88654F004979D989E7360E731A845CB91
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B53E0 Relevance: .1, Instructions: 67COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: df2da0c14ebbbed96d60853023610c1fa302ddf9db1e36627f7b8c16b28a60b8
                                                                                                                                                                                                      • Instruction ID: 51362dc633eff9e97090b052250fc68c08cf6935d476a5d536e3f00d3c6d9428
                                                                                                                                                                                                      • Opcode Fuzzy Hash: df2da0c14ebbbed96d60853023610c1fa302ddf9db1e36627f7b8c16b28a60b8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 33213D35A00218AFDF15DFA8C4489DEBBB6EB8C725F144629E415A73A0DBB59C81CB90
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B3957 Relevance: .1, Instructions: 66COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 0a0e8f429d24750d1a5716cbe20a11e4d3f97c8210de2d84057af5a8ff6d76a3
                                                                                                                                                                                                      • Instruction ID: 7a37a07c79dc97cd55806d21b39f7a6162573e638e44f9b406b4f24173e7436d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0a0e8f429d24750d1a5716cbe20a11e4d3f97c8210de2d84057af5a8ff6d76a3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 60219A35B102198FDF04DFA9E840AEDBBF2AF88200F148565D805E7394DB34A805CB91
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B4958 Relevance: .1, Instructions: 65COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 9ecbaf46a7bded001275c614418e2c9373c48140ac4c96a7e8efb73036fd0313
                                                                                                                                                                                                      • Instruction ID: e0a2124ae4c17600675277878484bed45b04bb69edb26e587b0431ef5131de9d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9ecbaf46a7bded001275c614418e2c9373c48140ac4c96a7e8efb73036fd0313
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 80215B30B002058FEB00EB68D4093AEBBE2EB84301F188979D00AD7785DFF4AD1987D1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048BCBF0 Relevance: .1, Instructions: 65COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 923603c3833a72710cce62ebcb31700e9b7a29236c3a966f6799d83c0a7c7335
                                                                                                                                                                                                      • Instruction ID: 561f443c9155b51d81508b1905611717ccc504ade8015e9a10dc47908ed966f7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 923603c3833a72710cce62ebcb31700e9b7a29236c3a966f6799d83c0a7c7335
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9321F871A40209CFDB05DF68C694ADDB7F2FB48304F104AA9D441BB3A5DBB5AD45CBA0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280C3A8 Relevance: .1, Instructions: 64COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: b0a273c6ec33baba86623f4d9c1d1ee378389db4aeb20b13a032723089577e2b
                                                                                                                                                                                                      • Instruction ID: 2c567d01efbcd08516dd5af9a8d22403cacd4729e4bdfca68479cb4b69250e62
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b0a273c6ec33baba86623f4d9c1d1ee378389db4aeb20b13a032723089577e2b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A921F038A041049FCB45DFB8D8945AE7FF6EFC8214B1481AAE40ACB3A5DF319D06CB51
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B5D80 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: f3d4ebbc8a785f0e07410a173c8b84f3d15339a049b91c6ce83bff21869b76ce
                                                                                                                                                                                                      • Instruction ID: 921d1ae406d9b9294379198893d607a463817dbce154b74fcdf60e18d37c76fb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f3d4ebbc8a785f0e07410a173c8b84f3d15339a049b91c6ce83bff21869b76ce
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9F110A39B002446FDF119FA488543EA3FF1EB49704F044A76D555DB381DA759912CBA0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02803E61 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: c6448fa9acf239e5990f2e21cf809c52f9bc7a5b9ea7361f84eceb50d580ed2d
                                                                                                                                                                                                      • Instruction ID: bd5effb151c234ea20e5ab3cdbc75aefff2f8cfaf969c5f3746aa13894570ebb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c6448fa9acf239e5990f2e21cf809c52f9bc7a5b9ea7361f84eceb50d580ed2d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 76114F39B046049FE390CB1ADC84B56B7E7EFC6315F5582A9E509CBBE5CB749C82CA40
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280C2D8 Relevance: .1, Instructions: 58COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: e178b507a5ca896b1e7a23a37918679e7aaa711e2f2a794f07d3c44cb8c4db2a
                                                                                                                                                                                                      • Instruction ID: 2351be3dd9eeffe991506661bbad2bca20aa8d04db918a462c4ffaff286548be
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e178b507a5ca896b1e7a23a37918679e7aaa711e2f2a794f07d3c44cb8c4db2a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C1215E75A002099FDB40DBB9D8845AEB7F6EF88301B1481A9E505D7394DB719A06CB51
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B5D90 Relevance: .1, Instructions: 55COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 3f301f05e01f2b07980fe857cbb0e62d6bb3d692f64f88ccaba1f7ee558d45b8
                                                                                                                                                                                                      • Instruction ID: f84af2724204564709643e3d1826833e8a91aada912714366bb63f0ed57bfae6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3f301f05e01f2b07980fe857cbb0e62d6bb3d692f64f88ccaba1f7ee558d45b8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F811A730B00204AFEF509F6888487EE7BF5EB88304F144926E555DB380EB75D951CBA0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B5B01 Relevance: .1, Instructions: 55COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 527eba17b8b8a3745262ff29a4ee2c9994a920c75ea75141e15a0af92d41828d
                                                                                                                                                                                                      • Instruction ID: 7467511c0ca71e7ea93e2c83afab3d7614cd972d95a24574f99dccc84cc08f9f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 527eba17b8b8a3745262ff29a4ee2c9994a920c75ea75141e15a0af92d41828d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 94217F78A42219EFDB04DF68E594EADB7F2BF49304F104598E805EB360CB74AD41CB50
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02801A50 Relevance: .1, Instructions: 55COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 183704e136f5a4a1bf7870e61ebe2196196e84ce6c77365ba039dee370918a2c
                                                                                                                                                                                                      • Instruction ID: 15fe0891023a8eb2927dc16de4d65880c104bf00b00a0c13eb514bcfd2272d81
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 183704e136f5a4a1bf7870e61ebe2196196e84ce6c77365ba039dee370918a2c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2B11BF3CA00508DFE794DA5ADC8C76AB3E3EBC4321F5884B5D10D876C8EB7859A6CB51
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B59D8 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 7a6c67275d1ae7d77699536dd7ede304a3056ae97c9fdb0d4d73a5a998a723ab
                                                                                                                                                                                                      • Instruction ID: f352034be71f4861e4d3ff7d0b4f8e90963da3b8eca177faf5f8eac2a3608da5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7a6c67275d1ae7d77699536dd7ede304a3056ae97c9fdb0d4d73a5a998a723ab
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1501843A350255AFEB118F59EC95FEFB7A9FB88720F108066FA05DB291C6B1DC118B50
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280F278 Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 138de5f7ca72de10d7f4eb630c4972521810a4d59eb7fc940ebb63c805c07398
                                                                                                                                                                                                      • Instruction ID: 8cd3601d6dc5188000d0f5f63d7465c0e8917b12a4b9223402b1544e7256f870
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 138de5f7ca72de10d7f4eb630c4972521810a4d59eb7fc940ebb63c805c07398
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4101413CA041048FD7A18A688D80B6A77D3EB9D700F0984A6EA0AD77E1CE748C01C7A2
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280EE71 Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 2bb90e7283d4ae0903e19ff5955e0e95d3324d2c22fe66e7c127572657e6ab6b
                                                                                                                                                                                                      • Instruction ID: 8bbc859ecd88222130751f010a71e948f3222556856fdbcdb1f4aa4bcd57e6e8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2bb90e7283d4ae0903e19ff5955e0e95d3324d2c22fe66e7c127572657e6ab6b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6311F53CA01118CFEB548BA8DD99BAAB3B1EB44308F200865E506EB2D0CB75AD048B52
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048BDDB8 Relevance: .0, Instructions: 50COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 0d576605e44824affbb4a52649d4e7c8ce0cc200bed723ca77d5918ebfaa6e7f
                                                                                                                                                                                                      • Instruction ID: 3fe44584498240b269fd5d93dbfd8ebe8a1889f9032df39bc8736cf97bdb8973
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0d576605e44824affbb4a52649d4e7c8ce0cc200bed723ca77d5918ebfaa6e7f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8BF02831B015257FFB1209486C412EEE7E0F784719F080B3ADAD5C3301D764E94782C0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280F288 Relevance: .0, Instructions: 50COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 9fa21b76267a10f611d86ff77f582aaf2c1a957d502b40926f37d3ac01938063
                                                                                                                                                                                                      • Instruction ID: 326a6102e03ab970d87904ce9dd36408e2fccfcaa6bea5168451a869eff7c320
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9fa21b76267a10f611d86ff77f582aaf2c1a957d502b40926f37d3ac01938063
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 26012F3C7040089FCBA09A58AD80B2AB2D6EBCC720F148467FA0AD37D0DE758C0087E2
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02801A60 Relevance: .0, Instructions: 50COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 0071fb03a0c9bd4d23b8bd717279398f14a261052dbf9d38dc17730abce4cb2d
                                                                                                                                                                                                      • Instruction ID: 4013a449e9423131d4db2a2a4766defc49e732dc60618decd7f155292202b822
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0071fb03a0c9bd4d23b8bd717279398f14a261052dbf9d38dc17730abce4cb2d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3E119E3CA00508DFE794DA5ADC8C76AB2E2EBC4321F4884B5C10D876D8DB7855A6CB51
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280E5F8 Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: e5d6ba5cff7ae3e35cc55f24027b3de33eefa5b886690b223ca25b08c4855645
                                                                                                                                                                                                      • Instruction ID: a8e05d99a20cc036ec0aee896297ab64ba1d27f1bf6be88c1b478bd9ad30e28b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e5d6ba5cff7ae3e35cc55f24027b3de33eefa5b886690b223ca25b08c4855645
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CF1186387489018FEB84DB65E994B263BA2AF85304F1848A8D41ACB3B7DF75DC41CB41
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02801AFC Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 90955999ba7aa9213e51988559a3926c876d44c94423e956f97a5fda5753e3b9
                                                                                                                                                                                                      • Instruction ID: a319078391e4f843831774ac2112ed1b5a3bcc574ccca6578ab76a45ea10a15b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 90955999ba7aa9213e51988559a3926c876d44c94423e956f97a5fda5753e3b9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1E115A3CA00508DFE794DB5ADC8C7AA73E2EB84326F5884B5C10D87AD8DB7855A6CF50
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280C4A7 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 23be102205121780d44efbabbc6ff44e6cf760cd2e4a1aba549a7494c5b2b5c1
                                                                                                                                                                                                      • Instruction ID: 65f10e57e5a0e3d71a8e3af640ae6c1c98de7580458a59568d045362f0865719
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 23be102205121780d44efbabbc6ff44e6cf760cd2e4a1aba549a7494c5b2b5c1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5B017878D4020EAFDF51DFB9E8416ACBBF4EE09300B14A2E9C049EB291EA755A558F40
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280C420 Relevance: .0, Instructions: 46COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 5ff268551643145a58f78378dace982e73f8907926a98834e0209a1222b01d76
                                                                                                                                                                                                      • Instruction ID: d816edef34184989dac6fdda69e46a2f4ddd1f5c63b8c9345846e08f630f1304
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5ff268551643145a58f78378dace982e73f8907926a98834e0209a1222b01d76
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 42011A79D8020E9FDF50DFA9E5417ACB7F4EB04305F10A1E9D00ADB294DA799A408F40
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B3E27 Relevance: .0, Instructions: 45COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: d6bbdf147ff6021eb52aa6f0fa4c006d9dc3069fab1ba781eead06e13e6fb1da
                                                                                                                                                                                                      • Instruction ID: 24fd1c942ff9d17dcb039b05ad899f6e5fbd27e7558c2c400ca6b62af4416d6c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d6bbdf147ff6021eb52aa6f0fa4c006d9dc3069fab1ba781eead06e13e6fb1da
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6BF0F6397401001FD3104A5F9C85B86B7EAEFC8A24B2580A6F109CB772D960EC038A90
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B3F71 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 14f4dc85aeadf51b0144e8a0d764ea43eba53cb348ed6511d6dfa9ed293c0b5f
                                                                                                                                                                                                      • Instruction ID: 92bc25cf242ca8f5a9214180a150ab2fa048baeb5de363021f09680c5b87349c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 14f4dc85aeadf51b0144e8a0d764ea43eba53cb348ed6511d6dfa9ed293c0b5f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AE019925F0120457BA493FB0A12D22C76E2DB876467484E9AEA07E73C1DEB9BD3C8715
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048BE9A9 Relevance: .0, Instructions: 43COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 0bdef219e813e93c6bc2c1e0789d210df786bce8ab7a2b155cf9260c1e3e6777
                                                                                                                                                                                                      • Instruction ID: 210d8167c2fb04ee986ce6690b8232db0d28baf73aff100db100caf5ad763d44
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0bdef219e813e93c6bc2c1e0789d210df786bce8ab7a2b155cf9260c1e3e6777
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E4F0FC327500595FEB199614C8949EEF755EF84320F04807AE919CB3A1DF34D807C7C0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B4E00 Relevance: .0, Instructions: 42COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: a9f2e6886c0bae243fb8b4812d42f56aedf5129558ec41c29494b381f068b840
                                                                                                                                                                                                      • Instruction ID: e05e3cfad5afee49bf017e92f686d2a8113ea514cccc24dbbf63732f12699d98
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a9f2e6886c0bae243fb8b4812d42f56aedf5129558ec41c29494b381f068b840
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 97F04632F441524FF7168A6998207AAFBA5EFC8720F1484AAD145CB392DA69BC4387C0
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280EDF3 Relevance: .0, Instructions: 40COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 8fca0c213bba649bba8db7e4c842ceee376f664af38aebf0d4de87ccb29a59d3
                                                                                                                                                                                                      • Instruction ID: 63922bf191211f03313187adef1636fea93a565c2e7f9504ae1ebf062491a516
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8fca0c213bba649bba8db7e4c842ceee376f664af38aebf0d4de87ccb29a59d3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2801D678740209CFDB959FA5CC98B6EBBB5BF89704F140869D406DB3B5DBB49801CB40
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B39A9 Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 8245b45dd9e14afef065d8bec523f75beb318a410bc6be299df00b9e7c7ef110
                                                                                                                                                                                                      • Instruction ID: aae4931f2cf21ced0f21fa2726f0ec0eea2910654af6232df2fd758448fcd5f3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8245b45dd9e14afef065d8bec523f75beb318a410bc6be299df00b9e7c7ef110
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2F01B134A586199FEF00DF65D840BEEBBB2BF88300F289555D841F73A4DB74A844CB91
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B4E68 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: b9be58ca16ef911bced58f3792351b8c5f23cb58aaafc712e35e9dca6e950f58
                                                                                                                                                                                                      • Instruction ID: 392ce4a441e8a0851c0f2003b3c512f46fb9a1b121dc5ac7e6f4fde9506bc079
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b9be58ca16ef911bced58f3792351b8c5f23cb58aaafc712e35e9dca6e950f58
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F1F02B62F8D2914FE32347385D11365AF91CBC6624F08099AC1C5CF3A3D69AEC07C390
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02803348 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: b464976e3e6bc4cd4803ccde1e7a28e0d6fae082c068c3e3e8168170629ccd83
                                                                                                                                                                                                      • Instruction ID: 6b60c81c5cc57eda68ee2dc36eba73223244718a5dbf36a512fa4965fdacdd4a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b464976e3e6bc4cd4803ccde1e7a28e0d6fae082c068c3e3e8168170629ccd83
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1301693C608209DFF7908B14ECC972E77A1E780319F0A88E2D106CA2D5DFB88884CB01
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B41ED Relevance: .0, Instructions: 35COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 219a64d848fb3f168d31adf849be45c7ba72c895ea7f7f94280682116fa13105
                                                                                                                                                                                                      • Instruction ID: 8b160389ede0c123045e825e4b496f9d77860359f6fe4da3747c9899eaef54bc
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 219a64d848fb3f168d31adf849be45c7ba72c895ea7f7f94280682116fa13105
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B7F04CB1D48260CFE7009B18881A799BFF0EF21A10F1406C7D092DB773D6A4A805CBC1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280F218 Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: d5a80f209ba0c1280338cfe840fa152c8a5e0c662d2f5dba3d81831d31c71a8c
                                                                                                                                                                                                      • Instruction ID: 63b73d47dbecdb745a78fe4dbf11afffaef9eec77cec5d50825c704904366a84
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d5a80f209ba0c1280338cfe840fa152c8a5e0c662d2f5dba3d81831d31c71a8c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E5F0A73AB086004FD315D66E9CD064777D9EFC8755B258096E158C77B6ED60DC0287A1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B70BF Relevance: .0, Instructions: 33COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: c0dc337015e9ab8ba81fec638196ef4375d3a0e23aba13f67d9d37b0bab84ec8
                                                                                                                                                                                                      • Instruction ID: e549ce65081031f7e5c7a2dc4600726dd1fc3bd5eee752a7d345e2ca58f4b518
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c0dc337015e9ab8ba81fec638196ef4375d3a0e23aba13f67d9d37b0bab84ec8
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D7F08239E04A449FDB1ACBB8E4883DCBFB2EB84311F09859AC045D7251DBB41E93CB84
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048BDE07 Relevance: .0, Instructions: 28COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 58b0787ce8151b19e6443ed2bbf35d81c51565f21e14e14f3ff9c7673f790e50
                                                                                                                                                                                                      • Instruction ID: bdeb871a791895b2c53720b0d2511dcaa956dc547c3ad8a7b730f57c007c888c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 58b0787ce8151b19e6443ed2bbf35d81c51565f21e14e14f3ff9c7673f790e50
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 33F0A0312442064FD706DA29E994889FB56EAD03643088A7AD05A8B236CE749C9B8790
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02806499 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 1f207b281ba71815e04b882df2c67e3f3dd3e152f142f24c11bc87dc4c85cbd9
                                                                                                                                                                                                      • Instruction ID: 3ab3c14fdee7f5286d655eb0106e24a23a70d7a0b44c2dae3826dc45bc7b84a5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1f207b281ba71815e04b882df2c67e3f3dd3e152f142f24c11bc87dc4c85cbd9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6EF055313446004BC301A728F86536BBBD2DFC1725F0882B8E2898B3A2CF24580A8380
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280C4B8 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 7df9b8c4299e032e6c745999d244469f14a15b71f887b6fd678987d920c7e33b
                                                                                                                                                                                                      • Instruction ID: 21362cd6c1946c36c608175d4b23bd181af9364cf05bcc2f82e47cc94e28bcbf
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7df9b8c4299e032e6c745999d244469f14a15b71f887b6fd678987d920c7e33b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 94E04F366042289FDB14DAE9A8406DABBEDEB49261F1040BBE50CC3680EE72D8408790
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B70D0 Relevance: .0, Instructions: 26COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 34dd77373e1723d8db5a05a94aae01b62f6574f4eb101d403aef112ac8f6e629
                                                                                                                                                                                                      • Instruction ID: 0c3c26a8329b3ff67af0e7a80b0ec17de03522cee5accef2dd1aaea6b7c8a57c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 34dd77373e1723d8db5a05a94aae01b62f6574f4eb101d403aef112ac8f6e629
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0BF06531E04618AFDB0ADBA8D44C7DDBFB6EB84310F088499D045D7350DBB41A91CB84
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B3CC8 Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: be8e4674c5c81142fd691fefcac00a91b85525fe903b015f1ef8b82492908cea
                                                                                                                                                                                                      • Instruction ID: a601b1b212917925a2d80dc91a1e5feef22e9017ad08f426ec5974f47c5b646d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: be8e4674c5c81142fd691fefcac00a91b85525fe903b015f1ef8b82492908cea
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CFE04F7160924DAFC701DFB8DC055AABBACDB4520471405FAED48C7291EA36DE118791
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048BDE18 Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 505e9eb924b9c215fb9466d609eb6fff39f9df2b9196b6ac39778ea2f9ebbb3c
                                                                                                                                                                                                      • Instruction ID: 5300ac707067c3112a4004ab82607f695fd6859856af5a8ee7b49398921141d6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 505e9eb924b9c215fb9466d609eb6fff39f9df2b9196b6ac39778ea2f9ebbb3c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 46E048317012055FC711EA1AEC84C4BFB9ADFC0364714C939E11A87335DEB4ED5A87A4
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02801B49 Relevance: .0, Instructions: 24COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 948bfb36c3c02c9ca2176f48b8ee2cc524e5fe111839730cdb4fd46ff8ebfc35
                                                                                                                                                                                                      • Instruction ID: 5eb41bea21220e422717915e4b5307e5b4b5eb07ff3eb3ee2c04e3b1677af9b3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 948bfb36c3c02c9ca2176f48b8ee2cc524e5fe111839730cdb4fd46ff8ebfc35
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B7E0D8353006204FC300EB7CD948E9537E9AF8D62071081B9E549C73EACE21DC418795
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02801EF8 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 6f335850639e4b8e7f6c55e91041f2c75b631ccfbd422952bfba281c80752e02
                                                                                                                                                                                                      • Instruction ID: 3e185c90c66be6f7637e51ea1ea15c2ccd812e67719415a33f5d2cc4b306fa68
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6f335850639e4b8e7f6c55e91041f2c75b631ccfbd422952bfba281c80752e02
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 10E086353141544BD3045A1EE810A5377DDDBCAB21F1000E6F548CB351CA61EC0247D4
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048BF878 Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: a53b6fc2ba8de7cfd177859a0c8745827a47aeafc506ad6482f0577aec6c367d
                                                                                                                                                                                                      • Instruction ID: b89a3ae7d3f678469195fde21e0707626c5b79b9d2d83663074cef2af9f73edd
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a53b6fc2ba8de7cfd177859a0c8745827a47aeafc506ad6482f0577aec6c367d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 64E0C234B08A924FD7138629AC108AB7BF9CFC570030549AEE4C6C732BEA24DC078791
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02800517 Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 22840fe2a39e8426c5f781d420a99691b7b90e443d944be02ae72dd3e59ca7da
                                                                                                                                                                                                      • Instruction ID: 5cd11ca2a6ba9500eec1dc7a76d57a223eda5c35f992321f763bcb30583eebbb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 22840fe2a39e8426c5f781d420a99691b7b90e443d944be02ae72dd3e59ca7da
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 41E0867E8092804FD7528B64ACE92E47F20F91325430E41CAC085DF1A7D644C44AC750
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B4498 Relevance: .0, Instructions: 21COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: fdd6b30e01c75db8fe8f1e9afa2166ff225594d49dc0d19d995fa865b3f913e1
                                                                                                                                                                                                      • Instruction ID: e57f20b19b05eb7bf7ff62a30d3f7d1aaa8603cf6b007d748541b8ee00ed1f47
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fdd6b30e01c75db8fe8f1e9afa2166ff225594d49dc0d19d995fa865b3f913e1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E7E0D8395482C88FDB02DBA4E5505D83F71EB42308F1851C9C0858F2A7C9654E07D751
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B48E9 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: a46160ba8128adf1afaf83ce367b16a60159a1ca75a61494955aab839f548ad0
                                                                                                                                                                                                      • Instruction ID: 33f24b6c34a72ea4f8d8daf39c961a01780f7bd91000ddf005ee75583e99ec34
                                                                                                                                                                                                      • Opcode Fuzzy Hash: a46160ba8128adf1afaf83ce367b16a60159a1ca75a61494955aab839f548ad0
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9AE0DF38A882C94FEB05D734E5A07B83B62EB81308F2462D985450F7A6DFB90D16A716
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B9268 Relevance: .0, Instructions: 20COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 7f149afc6670102b4d62388060b746de710eddeba27ab5a71ef2f2cd26c33313
                                                                                                                                                                                                      • Instruction ID: d22a0f2585baafc194c98382af9a1960c3ca2df9759167e1e95397d833d6b669
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7f149afc6670102b4d62388060b746de710eddeba27ab5a71ef2f2cd26c33313
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FCD0C2316403149FFB24256448017E533885B07728F500E65D764DB380D5A2F841C2D2
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B48F8 Relevance: .0, Instructions: 18COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 0c7c4128314130de0cce6363f7104bee8d7dd59b4144d196ec8bcab876c69fa4
                                                                                                                                                                                                      • Instruction ID: be578c9a6a005798cfdfdba6076ca0d05cf00b14748656e51974c3025f43c53c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0c7c4128314130de0cce6363f7104bee8d7dd59b4144d196ec8bcab876c69fa4
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 32E08C30E00208AFEB00EBB4E9007ADB7E5EB44200F1045A9D90497340EAB16E189780
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B44A8 Relevance: .0, Instructions: 17COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: ae1032ac0d9fe379624af10b6b8ba69c56f9724fdee3408986facdf0f20c16bd
                                                                                                                                                                                                      • Instruction ID: 1f943fe74dbee240c2c0095a007a011989dd49e54c39f1639e02e702c8c6a8eb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ae1032ac0d9fe379624af10b6b8ba69c56f9724fdee3408986facdf0f20c16bd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 70E0EC70A01208EFDB00DBE4E54475DB7F9DB44214F1446A9D808D3345EA716E149791
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280AC40 Relevance: .0, Instructions: 16COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: ed2d4a5a098fa695ea64c0d5934d374f5865f7e692c54b03b42df7edc279468a
                                                                                                                                                                                                      • Instruction ID: e904cd545d0845e090c2095372ec01f662ba0db5a34675c36eb2a5d8ba160e5e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ed2d4a5a098fa695ea64c0d5934d374f5865f7e692c54b03b42df7edc279468a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7FD012B262432577E7512AB9DC40795B7DCAF5AA34F4000B2D00D96140D9AAAD4347F7
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02803F4F Relevance: .0, Instructions: 15COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: db42036c4bfa985d74f3a6836a41b30313e86cd9169046b594dfd5f4f63379aa
                                                                                                                                                                                                      • Instruction ID: ec257bbeda4638e550cb60c3cd150ef78f6905c0a274e3e6692e77f953ef52f6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: db42036c4bfa985d74f3a6836a41b30313e86cd9169046b594dfd5f4f63379aa
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1AC01269A541140BE7562D18B8A17DB1386DBD3B21F410499E5845B388CA591E4743D5
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280D65A Relevance: .0, Instructions: 13COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 40a088af6afb4ffa0e890b563545c79c092cb38ff5bc70773b4333be5287fd01
                                                                                                                                                                                                      • Instruction ID: f419e3a371eaa60901895afc75797f358f67a504475dc320aaaf1b7906d0dc75
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 40a088af6afb4ffa0e890b563545c79c092cb38ff5bc70773b4333be5287fd01
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 75C0123920830A8FDBC29BF09C053127BACEF03218F424190E01CCA093E7BA8846CB81
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B5D60 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 5ff0739baa44a3d13564d6bb562f74aa4b70dd0e048bc3ceb72f5407fb61cfd5
                                                                                                                                                                                                      • Instruction ID: c85697af3f659a9d4d940b5933d03b395c5ffe9fa987d6f22da9eca43a089c93
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5ff0739baa44a3d13564d6bb562f74aa4b70dd0e048bc3ceb72f5407fb61cfd5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 64C08CAEC0C2CA4FCB328BB238280C4BF64EC1320030A56C5C4898D273E8181497C762
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280B9F0 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 826c78a97bdcbc9fb43d5809a705224d85df8f40881b857109d452cb582bb98e
                                                                                                                                                                                                      • Instruction ID: 374815e11e160d248d8171201aefe902566137309fdcace2913991cb4dabb325
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 826c78a97bdcbc9fb43d5809a705224d85df8f40881b857109d452cb582bb98e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 97C012311803088FC3808E18C840A0073F8EF26B24F4000D0E4088F222C770AC42AA50
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02803E18 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 16c426aa4ecf5bd27826ee5ebc4f391060b558281d7a52effbb0776a3735e369
                                                                                                                                                                                                      • Instruction ID: 3ad8cdb946ca27517b47f0799589fb0644f75efefcd6729975d08a0a635b46fd
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 16c426aa4ecf5bd27826ee5ebc4f391060b558281d7a52effbb0776a3735e369
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FFC012A400D3E08FCB039F28DD6009A7F38AD4220430A4ACBC182CF2E3EA588848C3E1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280AC50 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: ed5f9781cf6c6f8d4afda5cba24fcd2a7898eda5054d4222430c2c2de030ee12
                                                                                                                                                                                                      • Instruction ID: 337bf52edf566467d0d008a32951b087023e4298c612951175a083800fd06d3a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ed5f9781cf6c6f8d4afda5cba24fcd2a7898eda5054d4222430c2c2de030ee12
                                                                                                                                                                                                      • Instruction Fuzzy Hash: ECB0922272423963D51476FEA800BAAB28D9B99C69F804167A54DD36409C9AEC0203EB
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280BBB0 Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 6302c570c23e570d1c7c5bc60cccab96389f59531679f2e942edbc64bbcc985d
                                                                                                                                                                                                      • Instruction ID: 77b1d1cfdc46410f01f774fe6cb36829db573747a6d4b6ca8a240956a94dfe74
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6302c570c23e570d1c7c5bc60cccab96389f59531679f2e942edbc64bbcc985d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8CC00235054305CFDB512F65ED08384B7BCAF52756F400190E91A974B19FFC5955CE64
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280D670 Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 25981a6fa9860135d5e8a283db3b96c1e23a4cb72a29d0256fbe039a30c2e21d
                                                                                                                                                                                                      • Instruction ID: f5028db34c258dbb9dcf697ecd30373883848bee5922b76912c2505b56bdce3c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 25981a6fa9860135d5e8a283db3b96c1e23a4cb72a29d0256fbe039a30c2e21d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A8B092352543084AEB9097F57C44726328C9B41619F804065F40CC2991FADBE461A180
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280725A Relevance: .0, Instructions: 10COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 884ac207dd0047e1797a411ebb52636b257470425ac3b601d0457607cd132bd1
                                                                                                                                                                                                      • Instruction ID: 62632c873f0d43246356d92aa9dc9a70b5989e06f68ffe1b40488a4d26fea21c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 884ac207dd0047e1797a411ebb52636b257470425ac3b601d0457607cd132bd1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7BC08CFD0481488BC3414771CC9AA8E7B31EF80320F14526DC112A3AAACA7CC8429A81
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 028009A0 Relevance: .0, Instructions: 9COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 290d45765c83e32a7d29a58c94fdf940fd49d5643c01df45f3ba60e5f47a4c0a
                                                                                                                                                                                                      • Instruction ID: b231849def7b86676b5fd7f1e468e62d95a234d925feaf0a76a80f7147e380b2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 290d45765c83e32a7d29a58c94fdf940fd49d5643c01df45f3ba60e5f47a4c0a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 92C02BB204D7944FC30217502C055047F7C490320470500C3D40C5A0E3DAAC08208301
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B3C83 Relevance: .0, Instructions: 7COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: da8b6a065b3c82f8c8960ec5cece528485e2329af244784234a565858e8f22ee
                                                                                                                                                                                                      • Instruction ID: 0147981ed4d772f1f0fc04b213ca24619168e29f3566d8b09f97dc42e2a7c190
                                                                                                                                                                                                      • Opcode Fuzzy Hash: da8b6a065b3c82f8c8960ec5cece528485e2329af244784234a565858e8f22ee
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C6B0923AA60029AA8A00D688F8508ECB730EA90222F004032D200520008A2115398650
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02800880 Relevance: .0, Instructions: 7COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: f192073d86dd3f30a45e976b77e07accc2149f2e371a53f44b129babbaec8077
                                                                                                                                                                                                      • Instruction ID: df534cb1c50fe5aa9fa8c645de3fcfcadc50ced80ab0227f0c60091b5135ac5a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f192073d86dd3f30a45e976b77e07accc2149f2e371a53f44b129babbaec8077
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5BB09222A90242EFC70089F4441E7E033F0EB00277FD880BE8405C8202E26E045B8605
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02801F33 Relevance: .0, Instructions: 7COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 36bae886a4f899dcc87fcec443308a56b38fb2a17909d24dcd0f94da3e48c06f
                                                                                                                                                                                                      • Instruction ID: 6a1ea4387fae0f821ffc618e6750a31ae291b7b65ee69e2d47b473e477c5ca2e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 36bae886a4f899dcc87fcec443308a56b38fb2a17909d24dcd0f94da3e48c06f
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3AC09238008A818FCF038FA0EAA8150BFB0BE4330130A41C1C0858F0A2CB689C46DB04
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02808AA0 Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: f1066f21b1a51794738a03f8b01a745832a653529be73225d525e0ad6fd2101c
                                                                                                                                                                                                      • Instruction ID: 714a86fa4bc9ee10a1f32da6ab366a44d740e065789d953d59655a9a3df7a0da
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f1066f21b1a51794738a03f8b01a745832a653529be73225d525e0ad6fd2101c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 02B09238A00908CBC7008B90EC889AE7732AB88302F608010C412632988AB45841CA51
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 028009B0 Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 03949d782b8e4ee699abe93b76333a8619c37e54ae859a804d592ed06990f39d
                                                                                                                                                                                                      • Instruction ID: 51c1f9bfcd50644197de41f125f2ee586cd93322a5cd1078ffdfbca84ac82046
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 03949d782b8e4ee699abe93b76333a8619c37e54ae859a804d592ed06990f39d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 31900231044A0C8B455027957C09659BB5C9546519B804051E50D525525EA965604595
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B8F74 Relevance: .0, Instructions: 3COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 04430a06eff2f3fd5eca5614b4cec6562d00b2bf5f7293ed3595165ede8df210
                                                                                                                                                                                                      • Instruction ID: 2b8b7e990177a59a0256047852a9e8d3e5c523dfd6f9164bba423445e07a98eb
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 04430a06eff2f3fd5eca5614b4cec6562d00b2bf5f7293ed3595165ede8df210
                                                                                                                                                                                                      • Instruction Fuzzy Hash:
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048BF870 Relevance: .0, Instructions: 2COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: fae24986572789277c7ab3e8851c1de2c6bf1c38d1a98f2d54a64c1c08088ce4
                                                                                                                                                                                                      • Instruction ID: d8089a3ba9f2201b14df772affc3ed060e1a58333a9610f979151b19637d3d02
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fae24986572789277c7ab3e8851c1de2c6bf1c38d1a98f2d54a64c1c08088ce4
                                                                                                                                                                                                      • Instruction Fuzzy Hash:
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Non-executed Functions

                                                                                                                                                                                                      Function 048B87D8 Relevance: 2.8, Strings: 2, Instructions: 331COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: (bq$,bq
                                                                                                                                                                                                      • API String ID: 0-1616511919
                                                                                                                                                                                                      • Opcode ID: c0765f538f73dedd1a4c0f7b5a690ff8e4e6994dfbf035f7a085f9154bd1cc41
                                                                                                                                                                                                      • Instruction ID: ab02b2d8b247062c2966185cacd7cdd0de09413c8c0fae80a8fb3c39c517fba3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c0765f538f73dedd1a4c0f7b5a690ff8e4e6994dfbf035f7a085f9154bd1cc41
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 61D11B74A00604CFDB05EF68C584A99BBF6BF88315F258AA9E445EB361D730EC81CB91
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280CCD3 Relevance: 1.6, Strings: 1, Instructions: 383COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: LR^q
                                                                                                                                                                                                      • API String ID: 0-2625958711
                                                                                                                                                                                                      • Opcode ID: 8c36d3126f6ef5b9311042619979d72ad78a94ab535f3430663fed1d48348703
                                                                                                                                                                                                      • Instruction ID: 43cb8df00f17db4d2698a1947ea0f1fffbfea181866c9ca097bbb5b8dce5cf4b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8c36d3126f6ef5b9311042619979d72ad78a94ab535f3430663fed1d48348703
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FBF18F79A006298FDB54CFA9C880BADF7F2EF89304F15C1A9D019DB695D734AD85CB40
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280D7C0 Relevance: 1.5, Strings: 1, Instructions: 296COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 0-3916222277
                                                                                                                                                                                                      • Opcode ID: 53d35464654aae4a5623fce3c2858f34dd94636ea60d7aedb950b9dd11c89eb2
                                                                                                                                                                                                      • Instruction ID: 198786ffbd1eb30e5f3be39edb884033b27dab720af3d9e8c9983aaa9b164995
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 53d35464654aae4a5623fce3c2858f34dd94636ea60d7aedb950b9dd11c89eb2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 85A1AD79F001198FCB40DFA9DC806AEBBF2FB88211B14857AD619DB794D734EC518B91
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280CDCE Relevance: 1.5, Strings: 1, Instructions: 214COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: LR^q
                                                                                                                                                                                                      • API String ID: 0-2625958711
                                                                                                                                                                                                      • Opcode ID: ff078f8308773d1ff43373cc0c48901fba56822c98a0890f82beddb1ee1d94fc
                                                                                                                                                                                                      • Instruction ID: 43c1c9d88be26c26b27ddd6a51830a4449235e66f2491b7be9c1e128a2ffd0f7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ff078f8308773d1ff43373cc0c48901fba56822c98a0890f82beddb1ee1d94fc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 72916D79E006198BDB54CFA5C9C0AADF7B2EF88304F29C569D009AB695D734AD85CF40
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02808150 Relevance: .2, Instructions: 247COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: b2f820485499aab261450bf6ea3e097aba4ed2d8af94ee770b58c2a3db0cc068
                                                                                                                                                                                                      • Instruction ID: 154f9bed53feb752b6ce665963f11a6fe54f8f238e8b877c882cdabf17511a26
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b2f820485499aab261450bf6ea3e097aba4ed2d8af94ee770b58c2a3db0cc068
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CFA1067DA04609EFE794CF48C885BAAB7B3FF84304F188A65D1158B688C774AD85CF90
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280D3D9 Relevance: .2, Instructions: 191COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: 33b56d2ec70913be5ff9a93a68b42667aa384b3599c0c3281fe4a2144d16d79a
                                                                                                                                                                                                      • Instruction ID: 2f85ef242be1d39af1514e34f88e05c9d946dc41d0c9cc6b4c59077a5ce5dd6d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 33b56d2ec70913be5ff9a93a68b42667aa384b3599c0c3281fe4a2144d16d79a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1A611A36F105258BD754DBA9CC84B5EB7E3AFC8715F1A8164E409DB3A9DE74EC028B80
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 02802BB7 Relevance: .2, Instructions: 188COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: b5ed3eae607efa3e4a3980ddacb3f2b87713a900b20bd26db6d11f3ff3b54b37
                                                                                                                                                                                                      • Instruction ID: ae8eb8fd9cac7245a001c8b273beda3b2dbe9f3b55fca0e727bf5f172cd8f881
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b5ed3eae607efa3e4a3980ddacb3f2b87713a900b20bd26db6d11f3ff3b54b37
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8C91706940E6C38FDB434BF88CA4691BFE19F07328F5946DAC0D18E1E7C2A59593C745
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0280C8FE Relevance: .1, Instructions: 106COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2074912736.0000000002800000.00000040.00000800.00020000.00000000.sdmp, Offset: 02800000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_2800000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID:
                                                                                                                                                                                                      • Opcode ID: ffd2f380b8554cdb45b65fceb721559ecea0d468d0089ba693defec74be14317
                                                                                                                                                                                                      • Instruction ID: b3536478a572b6756e78911787424983cb8517493babaca7f48e15612fd6126e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ffd2f380b8554cdb45b65fceb721559ecea0d468d0089ba693defec74be14317
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6441EA79D5121F9FEF50CFA9E880AADB7F5BF48304F14A216D016EB291DB359941CB40
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048BE3F0 Relevance: 7.9, Strings: 6, Instructions: 406COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: (bq$4'^q$4'^q$4'^q$4'^q$pbq
                                                                                                                                                                                                      • API String ID: 0-723292480
                                                                                                                                                                                                      • Opcode ID: 5eda47634fcfebba2fb9e8d3a641c3390bf3b4e6ecfeb110b659b66a9ff75473
                                                                                                                                                                                                      • Instruction ID: abb80ea1505e0c3853178f7aeccdf2f2b96e2f6deaeb2322d2410edc399ec078
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5eda47634fcfebba2fb9e8d3a641c3390bf3b4e6ecfeb110b659b66a9ff75473
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E7D18E32A00514DFDB05DF64C944EAABBB2FF48310F0545E8E649AB276D732ED56DB80
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 048B20A4 Relevance: 5.0, Strings: 4, Instructions: 3COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000000.00000002.2083166581.00000000048B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 048B0000, based on PE: false
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_0_2_48b0000_SecuriteInfo.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: TJcq$jjjjjj$$^q$$^q
                                                                                                                                                                                                      • API String ID: 0-672324049
                                                                                                                                                                                                      • Opcode ID: c4875e288ef759c1578f868442d5b374683fcffacfc613321b827231197d4b12
                                                                                                                                                                                                      • Instruction ID: dbf4953322892026b1983b6b970265862ac1a432a4662828b98e0d796673ab3e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c4875e288ef759c1578f868442d5b374683fcffacfc613321b827231197d4b12
                                                                                                                                                                                                      • Instruction Fuzzy Hash:
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Execution Graph

                                                                                                                                                                                                      Execution Coverage:11.5%
                                                                                                                                                                                                      Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                      Signature Coverage:5.8%
                                                                                                                                                                                                      Total number of Nodes:2000
                                                                                                                                                                                                      Total number of Limit Nodes:59
                                                                                                                                                                                                      execution_graph 25500 401000 memset GetModuleHandleW HeapCreate 26439 4298d0 HeapCreate HeapAlloc 25500->26439 25502 40104e 26440 42773f 25502->26440 25506 40105d 26446 42746d 25506->26446 25516 401076 26466 41fc82 InitializeCriticalSection GetStockObject 25516->26466 25518 40107b 26471 41c9e9 25518->26471 25522 401085 26507 41b4a0 25522->26507 25526 40108f 26517 410817 25526->26517 25530 40109e 26521 40f481 25530->26521 25532 4010a3 26526 40f109 memset InitCommonControlsEx CoInitialize 25532->26526 25534 4010a8 26527 40e17f InitializeCriticalSection 25534->26527 25536 4010ad 26528 40a18c 25536->26528 25543 427b1d 16 API calls 25544 4010f2 25543->25544 25545 427a6c 11 API calls 25544->25545 25546 40110d 25545->25546 26547 4048d2 25546->26547 25549 401134 26556 411387 25549->26556 25550 40111b 26555 40f140 20 API calls 25550->26555 25553 40112f 25555 40481e ExitProcess 25553->25555 25554 401152 26561 40f4b0 25554->26561 26946 429920 HeapFree HeapDestroy 25555->26946 25557 40482d HeapDestroy ExitProcess 25559 401170 26566 41bf0e 25559->26566 25565 40119e 26582 429950 25565->26582 25567 4011a8 26586 40702e 25567->26586 25570 429950 2 API calls 25571 4011be 25570->25571 26601 4299b0 25571->26601 25573 4011c8 26605 41c006 25573->26605 25576 4011e4 26947 40f140 20 API calls 25576->26947 25577 401207 25578 429950 2 API calls 25577->25578 25580 401218 25578->25580 25582 429950 2 API calls 25580->25582 25581 4011f8 26948 4049a5 25581->26948 25584 401222 25582->25584 25587 4299b0 2 API calls 25584->25587 25589 40122c 25587->25589 25588 401202 25588->25555 25590 40f4b0 4 API calls 25589->25590 25591 40123e 25590->25591 26610 41b620 25591->26610 25594 401267 26613 41b640 25594->26613 25595 4013eb 26956 40f140 20 API calls 25595->26956 25598 4013ff 26957 4048a2 ReleaseMutex CloseHandle CoUninitialize 25598->26957 25599 401271 26618 41b6a0 25599->26618 25604 401294 25605 41b640 2 API calls 25604->25605 25606 4012ac 25605->25606 25607 41b6a0 2 API calls 25606->25607 25608 4012d7 25607->25608 25609 41b6f0 7 API calls 25608->25609 25610 4012e1 25609->25610 25611 41b640 2 API calls 25610->25611 25612 4012f9 25611->25612 25613 41b6a0 2 API calls 25612->25613 25614 401336 25613->25614 26631 41b5e0 25614->26631 25617 4013b7 25619 41b430 5 API calls 25617->25619 25620 4013c1 25619->25620 26954 40f140 20 API calls 25620->26954 25623 4013d5 26955 4048a2 ReleaseMutex CloseHandle CoUninitialize 25623->26955 25624 40134a 25626 4013ab 25624->25626 26634 41b760 25624->26634 26641 41b7c0 25624->26641 26648 41b430 25626->26648 25629 41b430 5 API calls 25630 4013e9 25629->25630 25631 429950 2 API calls 25630->25631 25632 40141a 25631->25632 25633 4299b0 2 API calls 25632->25633 25634 401424 25633->25634 26655 404952 25634->26655 25637 401459 25640 429950 2 API calls 25637->25640 25638 40143b 26958 40f140 20 API calls 25638->26958 25642 401470 25640->25642 25641 40144f 26959 4048a2 ReleaseMutex CloseHandle CoUninitialize 25641->26959 25644 429950 2 API calls 25642->25644 25645 40147a 25644->25645 26665 41c085 25645->26665 25648 4014f2 25651 429950 2 API calls 25648->25651 25649 4014ab 25650 429950 2 API calls 25649->25650 25652 4014c2 25650->25652 25653 401509 25651->25653 25654 429950 2 API calls 25652->25654 25655 429950 2 API calls 25653->25655 25656 4014cc 25654->25656 25657 401513 25655->25657 26960 426c00 25656->26960 25659 41b5e0 10 API calls 25657->25659 25660 40152e 25659->25660 25661 401561 25660->25661 25662 401538 25660->25662 25664 429950 2 API calls 25661->25664 26963 41b810 6 API calls 25662->26963 25666 401578 25664->25666 25665 401557 25667 41b430 5 API calls 25665->25667 25668 429950 2 API calls 25666->25668 25667->25661 25669 401582 25668->25669 25672 426c00 39 API calls 25669->25672 25670 4014e7 25671 4015eb 25670->25671 26964 426c4e 25670->26964 25674 429950 2 API calls 25671->25674 25672->25670 25675 401602 25674->25675 25676 429950 2 API calls 25675->25676 25677 40160c 25676->25677 26681 40fcae 25677->26681 25680 4018f0 25681 4018fa 25680->25681 25682 40191d 25680->25682 27067 40f140 20 API calls 25681->27067 25686 429950 2 API calls 25682->25686 25684 401637 25694 401649 25684->25694 26989 408b02 25684->26989 25688 401934 25686->25688 25687 40190e 25692 4049a5 35 API calls 25687->25692 25689 429950 2 API calls 25688->25689 25693 40193e 25689->25693 25696 401913 25692->25696 26705 41b600 25693->26705 27055 410007 6 API calls 25694->27055 25695 401682 25701 408b02 19 API calls 25695->25701 25704 401694 25695->25704 27068 4048a2 ReleaseMutex CloseHandle CoUninitialize 25696->27068 25701->25704 25702 4016cd 25707 408b02 19 API calls 25702->25707 25710 4016df 25702->25710 25703 401c10 25706 427b1d 16 API calls 25703->25706 27056 410007 6 API calls 25704->27056 25708 401c1b 25706->25708 25707->25710 25711 427a6c 11 API calls 25708->25711 27057 410007 6 API calls 25710->27057 25713 401c36 25711->25713 25712 401718 25717 408b02 19 API calls 25712->25717 25722 40172a 25712->25722 25716 429950 2 API calls 25713->25716 25715 401c05 25719 41b430 5 API calls 25715->25719 25721 401c4d 25716->25721 25717->25722 25718 401763 25724 408b02 19 API calls 25718->25724 25728 401775 25718->25728 25719->25703 25723 429950 2 API calls 25721->25723 27058 410007 6 API calls 25722->27058 25727 401c57 25723->25727 25724->25728 25726 41b910 15 API calls 25898 401971 25726->25898 25730 41b600 10 API calls 25727->25730 27059 410007 6 API calls 25728->27059 25729 4017ae 25734 408b02 19 API calls 25729->25734 25736 4017c0 25729->25736 25731 401c72 25730->25731 25732 401d6c 25731->25732 25787 401c8a 25731->25787 25735 429950 2 API calls 25732->25735 25734->25736 25739 401d83 25735->25739 27060 410007 6 API calls 25736->27060 25738 4017f9 25742 408b02 19 API calls 25738->25742 25745 40180b 25738->25745 25740 429950 2 API calls 25739->25740 25744 401d8d 25740->25744 25741 4299b0 RtlAllocateHeap HeapReAlloc 25741->25898 25742->25745 25747 40fcae 47 API calls 25744->25747 27061 410007 6 API calls 25745->27061 25746 401844 25749 408b02 19 API calls 25746->25749 25754 401856 25746->25754 25750 401d9b 25747->25750 25748 401d61 25753 41b430 5 API calls 25748->25753 25749->25754 25755 4021db 25750->25755 25757 41002f 6 API calls 25750->25757 25753->25732 27062 410007 6 API calls 25754->27062 26708 4092f8 25755->26708 25756 40188f 25762 408b02 19 API calls 25756->25762 25766 4018a1 25756->25766 25760 401db3 25757->25760 25764 410143 11 API calls 25760->25764 25762->25766 25763 4018da 27064 410024 25763->27064 25767 401dc9 25764->25767 25765 4299b0 2 API calls 25768 4021fb 25765->25768 27063 410007 6 API calls 25766->27063 25770 4299b0 2 API calls 25767->25770 25771 4092f8 41 API calls 25768->25771 25772 401dd3 25770->25772 25773 402211 25771->25773 25775 410143 11 API calls 25772->25775 25776 4299b0 2 API calls 25773->25776 25774 41b910 15 API calls 25774->25787 25777 401de9 25775->25777 25811 40221b 25776->25811 25778 4299b0 2 API calls 25777->25778 25779 401df3 25778->25779 27075 410007 6 API calls 25779->27075 25781 4092f8 41 API calls 25781->25898 25782 401e02 27076 410007 6 API calls 25782->27076 25784 402281 25788 402290 25784->25788 25789 40246a 25784->25789 25785 4299b0 RtlAllocateHeap HeapReAlloc 25785->25787 25786 401e16 27077 410007 6 API calls 25786->27077 25787->25748 25787->25774 25787->25785 27073 41b870 8 API calls 25787->27073 27074 427b85 5 API calls _strftime 25787->27074 27097 40e2c4 10 API calls 25788->27097 25792 402479 25789->25792 25793 402c7b 25789->25793 25795 429950 2 API calls 25792->25795 27145 4070db GetUserDefaultLangID wcslen HeapAlloc HeapReAlloc HeapFree 25793->27145 25794 402295 25799 429950 2 API calls 25794->25799 25800 402490 25795->25800 25796 401e2a 27078 410007 6 API calls 25796->27078 25797 4299b0 RtlAllocateHeap HeapReAlloc 25797->25811 25803 4022ac 25799->25803 25804 429950 2 API calls 25800->25804 25802 402c80 25807 4245d6 27 API calls 25802->25807 25808 429950 2 API calls 25803->25808 25809 40249a 25804->25809 25805 401e3e 27079 410007 6 API calls 25805->27079 25806 428950 10 API calls 25806->25811 25812 402cac 25807->25812 25813 4022b6 25808->25813 25814 40fcae 47 API calls 25809->25814 25811->25784 25811->25797 25811->25806 25817 402cb4 25812->25817 25818 402c51 25812->25818 25819 426c00 39 API calls 25813->25819 25820 4024a8 25814->25820 25816 401e52 27080 410007 6 API calls 25816->27080 27146 4246a5 HeapAlloc HeapReAlloc DestroyAcceleratorTable CreateAcceleratorTableW 25817->27146 25830 429950 2 API calls 25818->25830 25839 4022d1 25819->25839 25824 402c53 25820->25824 25825 4024b6 25820->25825 25823 402cc8 25837 4201e2 13 API calls 25823->25837 27143 40f140 20 API calls 25824->27143 25828 429950 2 API calls 25825->25828 25826 401e66 27081 410007 6 API calls 25826->27081 25833 4024c7 25828->25833 25831 402ec3 25830->25831 25836 429950 2 API calls 25831->25836 25832 402c67 25838 4049a5 35 API calls 25832->25838 25840 429950 2 API calls 25833->25840 25835 401e7a 25841 410143 11 API calls 25835->25841 25843 402ecd 25836->25843 25844 402cf1 25837->25844 25845 402c6c 25838->25845 25839->25789 27098 4245d6 25839->27098 25846 4024d1 25840->25846 25842 401e95 25841->25842 25847 4299b0 2 API calls 25842->25847 25848 41c085 8 API calls 25843->25848 27147 420355 25844->27147 27144 4048a2 ReleaseMutex CloseHandle CoUninitialize 25845->27144 25851 4299b0 2 API calls 25846->25851 25852 401e9f 25847->25852 25865 402edb 25848->25865 25855 4024db 25851->25855 27082 410007 6 API calls 25852->27082 26858 41002f 25855->26858 25858 402313 25862 40237b 25858->25862 25869 40232b SetWindowLongW 25858->25869 25860 401eae 27083 410007 6 API calls 25860->27083 25861 402d36 27151 4209ea 25861->27151 25867 429950 2 API calls 25862->25867 25873 429950 2 API calls 25865->25873 25922 402f30 25865->25922 25875 402392 25867->25875 27101 4245f9 25869->27101 25870 4024fb 25877 4299b0 2 API calls 25870->25877 25871 428950 10 API calls 25871->25898 25872 401ec2 27084 410007 6 API calls 25872->27084 25881 402f0d 25873->25881 25883 429950 2 API calls 25875->25883 25886 402505 25877->25886 25879 402fa2 25884 427011 33 API calls 25879->25884 25880 402f5e 25888 429950 2 API calls 25880->25888 25890 429950 2 API calls 25881->25890 25892 40239c 25883->25892 25893 402f9a 25884->25893 25885 402340 ShowWindow 25894 402350 25885->25894 26886 428950 25886->26886 25887 401ed6 25896 410143 11 API calls 25887->25896 25897 402f75 25888->25897 25889 429950 wcslen RtlReAllocateHeap 25889->25898 25899 402f18 25890->25899 25901 41c085 8 API calls 25892->25901 25902 429950 2 API calls 25893->25902 27103 424615 25894->27103 25904 401ef1 25896->25904 25905 429950 2 API calls 25897->25905 25898->25715 25898->25726 25898->25741 25898->25781 25898->25871 25898->25889 27069 41b870 8 API calls 25898->27069 27070 427b85 5 API calls _strftime 25898->27070 27071 40a194 48 API calls 25898->27071 27072 40adb0 9 API calls 25898->27072 25906 429950 2 API calls 25899->25906 25900 429950 2 API calls 25907 402d9e 25900->25907 25925 4023aa 25901->25925 25908 402fc9 25902->25908 25911 4299b0 2 API calls 25904->25911 25912 402f7f 25905->25912 25913 402f22 25906->25913 25914 429950 2 API calls 25907->25914 25917 429950 2 API calls 25908->25917 25910 4299b0 2 API calls 25919 40252c 25910->25919 25920 401efb 25911->25920 25921 426c00 39 API calls 25912->25921 25915 41c085 8 API calls 25913->25915 25916 402da8 25914->25916 25915->25922 25923 41b620 10 API calls 25916->25923 25926 402fd3 25917->25926 25928 41002f 6 API calls 25919->25928 25929 410143 11 API calls 25920->25929 25921->25893 25922->25879 25922->25880 25931 402dc3 25923->25931 25924 40241d 25930 40e1cd 326 API calls 25924->25930 25925->25924 25932 429950 2 API calls 25925->25932 25933 41c085 8 API calls 25926->25933 25935 402536 25928->25935 25936 401f11 25929->25936 25937 40242e 25930->25937 25938 402e57 25931->25938 25955 402dd1 25931->25955 25939 4023e4 25932->25939 25959 402fe1 25933->25959 25941 410143 11 API calls 25935->25941 25942 4299b0 2 API calls 25936->25942 25966 402448 25937->25966 27118 42469d 31 API calls 25937->27118 27119 41c8c7 timeBeginPeriod Sleep timeEndPeriod 25937->27119 27166 40f140 20 API calls 25938->27166 25947 429950 2 API calls 25939->25947 25948 40254c 25941->25948 25943 401f1b 25942->25943 27085 410007 6 API calls 25943->27085 25951 4023ee 25947->25951 25952 4299b0 2 API calls 25948->25952 25950 402e6b 25956 4049a5 35 API calls 25950->25956 27116 40e4bc 21 API calls 25951->27116 25958 402556 25952->25958 25953 401f2a 27086 410007 6 API calls 25953->27086 25968 402e32 25955->25968 27164 41b870 8 API calls 25955->27164 27165 41b910 15 API calls 25955->27165 25961 402e70 25956->25961 25963 410143 11 API calls 25958->25963 25964 429950 2 API calls 25959->25964 26007 403036 25959->26007 27167 4048a2 ReleaseMutex CloseHandle CoUninitialize 25961->27167 25962 402409 25962->25924 27117 40e776 7 API calls 25962->27117 25971 40256c 25963->25971 25972 403013 25964->25972 25965 401f3e 25974 410143 11 API calls 25965->25974 27120 40e7f7 Sleep memset HeapFree 25966->27120 25979 41b430 5 API calls 25968->25979 25969 403064 25978 429950 2 API calls 25969->25978 25970 4030a8 25975 427011 33 API calls 25970->25975 25980 4299b0 2 API calls 25971->25980 25973 429950 2 API calls 25972->25973 25983 40301e 25973->25983 25984 401f59 25974->25984 25985 4030a0 25975->25985 25987 40307b 25978->25987 25981 402e3c 25979->25981 25981->25818 25990 429950 2 API calls 25983->25990 25991 4299b0 2 API calls 25984->25991 26889 406de3 25985->26889 25988 429950 2 API calls 25987->25988 25994 403085 25988->25994 25996 403028 25990->25996 25997 401f63 25991->25997 25993 402456 27121 426ae0 GetObjectType DeleteObject DestroyIcon memset HeapFree 25993->27121 26000 426c00 39 API calls 25994->26000 26002 41c085 8 API calls 25996->26002 26003 410143 11 API calls 25997->26003 26000->25985 26002->26007 26008 401f79 26003->26008 26004 429950 2 API calls 26009 4030e7 ExtractIconW 26004->26009 26005 402460 27122 424104 26005->27122 26007->25969 26007->25970 26012 4299b0 2 API calls 26008->26012 26013 406de3 6 API calls 26009->26013 26015 401f83 26012->26015 26016 403128 26013->26016 27087 410007 6 API calls 26015->27087 26019 429950 2 API calls 26016->26019 26022 403132 ExtractIconW 26019->26022 26021 401f92 26024 410143 11 API calls 26021->26024 26025 403267 26022->26025 26026 403167 26022->26026 26027 401fad 26024->26027 26907 427011 26025->26907 26031 4299b0 2 API calls 26027->26031 26034 401fb7 26031->26034 26038 410143 11 API calls 26034->26038 26042 401fcd 26038->26042 26046 4299b0 2 API calls 26042->26046 26051 401fd7 26046->26051 27088 410007 6 API calls 26051->27088 26059 401fe6 26063 410143 11 API calls 26059->26063 26067 402001 26063->26067 26070 4299b0 2 API calls 26067->26070 26074 40200b 26070->26074 27089 410007 6 API calls 26074->27089 26080 40201a 26084 410143 11 API calls 26080->26084 26085 402035 26084->26085 26091 4299b0 2 API calls 26085->26091 26096 40203f 26091->26096 26101 410143 11 API calls 26096->26101 26104 402055 26101->26104 26108 4299b0 2 API calls 26104->26108 26113 40205f 26108->26113 26117 410143 11 API calls 26113->26117 26121 40207b 26117->26121 27090 410007 6 API calls 26121->27090 26127 4020a3 26130 410143 11 API calls 26127->26130 26132 4020be 26130->26132 26134 4299b0 2 API calls 26132->26134 26135 4020c8 26134->26135 26137 410143 11 API calls 26135->26137 26139 4020de 26137->26139 26142 4299b0 2 API calls 26139->26142 26144 4020e8 26142->26144 26146 410143 11 API calls 26144->26146 26149 4020fe 26146->26149 26154 4299b0 2 API calls 26149->26154 26160 402108 26154->26160 26165 410143 11 API calls 26160->26165 26170 40211e 26165->26170 26175 4299b0 2 API calls 26170->26175 26179 402128 26175->26179 27091 410007 6 API calls 26179->27091 26188 402137 27092 410007 6 API calls 26188->27092 26194 40214b 26200 40215b 26194->26200 26201 40217d 26194->26201 27093 40ae14 12 API calls 26200->27093 27094 40aeb0 12 API calls 26201->27094 26211 402167 26220 4299b0 2 API calls 26211->26220 26213 402189 26222 4299b0 2 API calls 26213->26222 26227 402171 26220->26227 26222->26227 26236 4021c0 26227->26236 26237 4021a8 26227->26237 27096 40afe8 12 API calls 26236->27096 27095 40af4c 12 API calls 26237->27095 26245 4021b4 26250 4299b0 2 API calls 26245->26250 26246 4021cc 26251 4299b0 2 API calls 26246->26251 26254 4021be 26250->26254 26251->26254 26260 410024 29 API calls 26254->26260 26260->25755 26439->25502 27634 427f4b HeapAlloc HeapAlloc 26440->27634 26442 42774d 27635 428040 HeapAlloc 26442->27635 26445 42759b TlsAlloc 26445->25506 26447 428040 HeapAlloc 26446->26447 26448 401062 26447->26448 26449 426b59 26448->26449 27637 427f4b HeapAlloc HeapAlloc 26449->27637 26451 401067 26452 425d57 LoadLibraryW 26451->26452 26453 425d77 GetProcAddress 26452->26453 26454 425d88 GetVersionExW 26452->26454 26453->26454 26455 425dad 26454->26455 26457 40106c 26455->26457 27638 425c9e LoadLibraryW 26455->27638 26458 425997 26457->26458 26459 428040 HeapAlloc 26458->26459 26460 401071 26459->26460 26461 424279 26460->26461 27648 427f4b HeapAlloc HeapAlloc 26461->27648 26463 424287 26464 428040 HeapAlloc 26463->26464 26465 42429a LoadIconW LoadCursorW 26464->26465 26465->25516 27649 427f4b HeapAlloc HeapAlloc 26466->27649 26468 41fcad 26469 428040 HeapAlloc 26468->26469 26470 41fcc3 memset InitCommonControlsEx 26469->26470 26470->25518 26472 427b1d 16 API calls 26471->26472 26473 41c9fe 26472->26473 26474 427a6c 11 API calls 26473->26474 26475 41ca17 26474->26475 26476 427b1d 16 API calls 26475->26476 26477 41ca22 26476->26477 26478 427a6c 11 API calls 26477->26478 26479 41ca3b 26478->26479 26480 427b1d 16 API calls 26479->26480 26481 41ca46 26480->26481 26482 427a6c 11 API calls 26481->26482 26483 41ca5f 26482->26483 26484 427b1d 16 API calls 26483->26484 26485 41ca6a 26484->26485 26486 427a6c 11 API calls 26485->26486 26487 41ca83 26486->26487 26488 427b1d 16 API calls 26487->26488 26489 41ca8e 26488->26489 26490 427a6c 11 API calls 26489->26490 26491 41caa7 26490->26491 26492 427b1d 16 API calls 26491->26492 26493 41cab2 26492->26493 26494 427a6c 11 API calls 26493->26494 26495 41cacb 26494->26495 26496 427b1d 16 API calls 26495->26496 26497 41cad6 26496->26497 26498 427a6c 11 API calls 26497->26498 26499 41caef 26498->26499 26500 427b1d 16 API calls 26499->26500 26501 41cafa 26500->26501 26502 427a6c 11 API calls 26501->26502 26503 41cb13 26502->26503 27650 41cb48 26503->27650 26506 41c580 HeapCreate 26506->25522 27661 427f4b HeapAlloc HeapAlloc 26507->27661 26509 40108a 26510 41152d 26509->26510 26511 427b1d 16 API calls 26510->26511 26512 411538 26511->26512 26513 427a6c 11 API calls 26512->26513 26514 411553 26513->26514 27662 40a008 26514->27662 27672 427f4b HeapAlloc HeapAlloc 26517->27672 26519 401099 26520 40fc47 memset 26519->26520 26520->25530 26522 428040 HeapAlloc 26521->26522 26523 40f48c 26522->26523 27673 427f4b HeapAlloc HeapAlloc 26523->27673 26525 40f49f InitializeCriticalSection 26525->25532 26526->25534 26527->25536 27674 4298d0 HeapCreate HeapAlloc 26528->27674 26530 4010b7 26531 427b1d 26530->26531 26532 4010cc 26531->26532 26533 427b29 26531->26533 26542 427a6c RtlAllocateHeap 26532->26542 27675 427ce3 EnterCriticalSection HeapFree LeaveCriticalSection HeapFree 26533->27675 26535 427b30 27676 428437 9 API calls 26535->27676 26537 427b38 26538 427b51 HeapFree 26537->26538 26541 427b63 26537->26541 26538->26538 26538->26541 26539 427b75 HeapFree 26539->26532 26540 427b69 HeapFree 26540->26539 26541->26539 26541->26540 26543 427a8b HeapAlloc 26542->26543 26544 427a9e 26542->26544 26543->26544 27677 42807b 26544->27677 27694 40a000 26547->27694 26550 40490d 26551 404941 26550->26551 26552 404924 ReleaseMutex CloseHandle 26550->26552 27697 429a70 26551->27697 26552->26551 26555->25553 27706 411437 26556->27706 26559 4113b6 memset 26560 4113f3 26559->26560 26560->25554 27717 429c80 26561->27717 26564 40f4e5 memmove 26565 40f4fa 26564->26565 26565->25559 26567 41bf1e 26566->26567 26568 429c80 RtlReAllocateHeap 26567->26568 26569 41bf65 26568->26569 26570 40117e 26569->26570 26571 41bf79 wcsncpy 26569->26571 26572 41bf94 26570->26572 26571->26570 26573 40118c 26572->26573 26574 41bf9b SetCurrentDirectoryW 26572->26574 26575 41bfa4 26573->26575 26574->26573 26576 429c80 RtlReAllocateHeap 26575->26576 26577 41bfb7 GetTempPathW LoadLibraryW 26576->26577 26578 41bff2 26577->26578 26579 41bfd4 GetProcAddress 26577->26579 26578->25565 26580 41bfe4 GetLongPathNameW 26579->26580 26581 41bfeb FreeLibrary 26579->26581 26580->26581 26581->26578 26583 42995f wcslen 26582->26583 26585 42997e 26582->26585 26584 429c80 RtlReAllocateHeap 26583->26584 26584->26585 26585->25567 26587 407034 26586->26587 26587->26587 26588 407041 CoCreateGuid 26587->26588 26589 407059 26588->26589 26600 4070ab 26588->26600 27720 428df0 26589->27720 26591 429a70 HeapFree 26593 4070cd 26591->26593 26595 429a70 HeapFree 26593->26595 26594 4299b0 2 API calls 26596 407074 26594->26596 26597 4011b3 26595->26597 26598 40707d StringFromGUID2 26596->26598 26597->25570 27724 41c5d0 MultiByteToWideChar MultiByteToWideChar RtlReAllocateHeap 26598->27724 26600->26591 26602 4299e3 HeapReAlloc 26601->26602 26603 4299c7 RtlAllocateHeap 26601->26603 26604 429a04 26602->26604 26603->26604 26604->25573 26606 41c015 wcsncpy wcslen 26605->26606 26608 4011d3 26605->26608 26607 41c046 CreateDirectoryW 26606->26607 26607->26608 26608->25576 26608->25577 27725 41b4c0 26610->27725 26612 401259 26612->25594 26612->25595 26616 41b659 26613->26616 26614 41b691 26614->25599 26615 41b671 GetFileSize 26615->25599 26616->26614 26616->26615 27759 41b3f0 26616->27759 26619 41b6b2 26618->26619 26620 40128a 26619->26620 26621 41b6d2 SetFilePointer 26619->26621 26622 41b3f0 WriteFile 26619->26622 26624 41b6f0 26620->26624 26621->26620 26623 41b6c4 26622->26623 26623->26621 26625 41b714 26624->26625 26626 41b74a 26625->26626 26627 41b721 26625->26627 26628 41b737 ReadFile 26625->26628 26626->25604 27762 41bc80 26627->27762 26628->26626 26630 41b72a 26630->25604 26632 41b4c0 10 API calls 26631->26632 26633 401346 26632->26633 26633->25617 26633->25624 26635 41b777 26634->26635 26636 41b7aa 26635->26636 26637 41b785 26635->26637 26638 41b797 ReadFile 26635->26638 26636->25624 26639 41bc80 6 API calls 26637->26639 26638->26636 26640 41b78e 26639->26640 26640->25624 26642 41b7da 26641->26642 26643 41b808 26642->26643 26644 41b7f5 WriteFile 26642->26644 26645 41b7e8 26642->26645 26643->25624 26644->26643 27774 41bdb0 26645->27774 26647 41b7f1 26647->25624 26650 41b438 26648->26650 26649 4013b5 26649->25629 26650->26649 26651 41b46c FindCloseChangeNotification 26650->26651 26652 41b3f0 WriteFile 26650->26652 26653 427f10 2 API calls 26651->26653 26654 41b459 RtlFreeHeap 26652->26654 26653->26649 26654->26651 26656 40a000 2 API calls 26655->26656 26657 404962 26656->26657 26658 40a000 2 API calls 26657->26658 26659 40496f SetupIterateCabinetW 26658->26659 26660 40498e 26659->26660 26661 429a70 HeapFree 26660->26661 26662 404996 26661->26662 26663 429a70 HeapFree 26662->26663 26664 401435 26663->26664 26664->25637 26664->25638 26666 41c0a0 26665->26666 26667 401488 26665->26667 26666->26667 26668 41c0aa wcsncpy wcslen 26666->26668 26667->25648 26667->25649 26669 41c0dc 26668->26669 26670 41c125 FindFirstFileW 26669->26670 26671 41c0eb 26669->26671 26675 41c180 26670->26675 26676 41c14e FindClose 26670->26676 26672 41c0f0 wcscat 26671->26672 26673 41c103 GetDriveTypeW 26671->26673 26672->26673 26673->26667 26675->26667 26677 41c1a6 GetFileAttributesW 26675->26677 26676->26667 26679 41c1b7 26677->26679 26680 41c1bd GetDriveTypeW 26677->26680 26679->26667 26680->26667 26680->26679 26682 410024 29 API calls 26681->26682 26683 40fcc1 CreateFileW 26682->26683 26685 40fcf9 CreateFileW 26683->26685 26686 40fd3d GetFileSize 26683->26686 26687 40fd14 CreateFileW 26685->26687 26688 40fd2a 26685->26688 26689 40fd89 26686->26689 26690 40fd59 ReadFile 26686->26690 26687->26688 26688->26686 26691 40ffbc wcslen HeapAlloc 26688->26691 26696 40fe51 HeapAlloc 26689->26696 26697 40fdc9 HeapAlloc 26689->26697 26703 40fe7b 26689->26703 26692 40fd73 memcmp 26690->26692 26693 40fd98 SetFilePointer 26690->26693 26694 40fff0 wcscpy 26691->26694 26695 40161a 26691->26695 26692->26689 26692->26693 26693->26689 26694->26695 26695->25680 26988 410007 6 API calls 26695->26988 26696->26695 26698 40fe64 ReadFile 26696->26698 26699 40fddc HeapAlloc 26697->26699 26697->26703 26698->26703 26699->26695 26700 40fdfd ReadFile 26699->26700 27785 429d20 26700->27785 26703->26695 26703->26703 26704 40fc7e HeapAlloc HeapAlloc 26703->26704 26704->26703 26706 41b4c0 10 API calls 26705->26706 26707 401959 26706->26707 26707->25703 26707->25898 26709 40a000 2 API calls 26708->26709 26710 409313 26709->26710 26711 40a000 2 API calls 26710->26711 26712 409320 26711->26712 27787 428920 26712->27787 26715 4299b0 2 API calls 26716 40934a 26715->26716 26717 428920 10 API calls 26716->26717 26718 40936a 26717->26718 26719 4299b0 2 API calls 26718->26719 26720 409374 26719->26720 26721 428920 10 API calls 26720->26721 26722 409394 26721->26722 26723 4299b0 2 API calls 26722->26723 26724 40939e 26723->26724 26725 428920 10 API calls 26724->26725 26726 4093be 26725->26726 26727 4299b0 2 API calls 26726->26727 26728 4093c8 26727->26728 26729 40f50d 3 API calls 26728->26729 26730 4093e5 26729->26730 26731 428920 10 API calls 26730->26731 26732 409404 26731->26732 26733 4299b0 2 API calls 26732->26733 26734 40940e 26733->26734 26735 40f50d 3 API calls 26734->26735 26736 40942b 26735->26736 26737 428920 10 API calls 26736->26737 26738 40944a 26737->26738 26739 4299b0 2 API calls 26738->26739 26740 409454 26739->26740 26741 40f50d 3 API calls 26740->26741 26742 409471 26741->26742 26743 428920 10 API calls 26742->26743 26744 409490 26743->26744 26745 4299b0 2 API calls 26744->26745 26746 40949a 26745->26746 26747 40f50d 3 API calls 26746->26747 26748 4094b7 26747->26748 26749 428920 10 API calls 26748->26749 26750 4094d6 26749->26750 26751 4299b0 2 API calls 26750->26751 26752 4094e0 26751->26752 26753 406de3 6 API calls 26752->26753 26754 4094fc 26753->26754 26755 428920 10 API calls 26754->26755 26756 40951b 26755->26756 26757 4299b0 2 API calls 26756->26757 26758 409525 26757->26758 27790 406f6d 26758->27790 26761 428920 10 API calls 26762 409560 26761->26762 26763 4299b0 2 API calls 26762->26763 26764 40956a 26763->26764 27807 406eac 26764->27807 26767 428920 10 API calls 26768 4095a5 26767->26768 26769 4299b0 2 API calls 26768->26769 26770 4095af 26769->26770 27824 406987 26770->27824 26773 428920 10 API calls 26774 4095ea 26773->26774 26775 4299b0 2 API calls 26774->26775 26776 4095f4 26775->26776 27841 406c0e 26776->27841 26779 428920 10 API calls 26780 40962f 26779->26780 26781 4299b0 2 API calls 26780->26781 26782 409639 26781->26782 27859 406cf1 26782->27859 26785 428920 10 API calls 26786 409674 26785->26786 26787 4299b0 2 API calls 26786->26787 26788 40967e 26787->26788 27877 4066c8 26788->27877 26791 428920 10 API calls 26792 4096b9 26791->26792 26793 4299b0 2 API calls 26792->26793 26794 4096c3 26793->26794 27895 4067ab 26794->27895 26797 428920 10 API calls 26798 4096fe 26797->26798 26799 4299b0 2 API calls 26798->26799 26800 409708 26799->26800 27913 406a48 26800->27913 26803 428920 10 API calls 26804 409743 26803->26804 26805 4299b0 2 API calls 26804->26805 26806 40974d 26805->26806 27931 406b2b 26806->27931 26809 428920 10 API calls 26810 409788 26809->26810 26811 4299b0 2 API calls 26810->26811 26812 409792 26811->26812 27949 40688e 26812->27949 26815 428920 10 API calls 26816 4097cd 26815->26816 26817 4299b0 2 API calls 26816->26817 26818 4097d7 26817->26818 27967 40633c 26818->27967 26821 428920 10 API calls 26822 409812 26821->26822 26823 4299b0 2 API calls 26822->26823 26824 40981c 26823->26824 27985 40641f 26824->27985 26827 428920 10 API calls 26828 409857 26827->26828 26829 4299b0 2 API calls 26828->26829 26830 409861 26829->26830 28003 406176 26830->28003 26833 428920 10 API calls 26834 40989c 26833->26834 26835 4299b0 2 API calls 26834->26835 26836 4098a6 26835->26836 28021 406259 26836->28021 26839 428920 10 API calls 26840 4098e1 26839->26840 26841 4299b0 2 API calls 26840->26841 26842 4098eb 26841->26842 28039 428b30 26842->28039 26844 409919 26845 428920 10 API calls 26844->26845 26846 409938 26845->26846 26847 4299b0 2 API calls 26846->26847 26851 409942 26847->26851 26848 409984 26850 429950 2 API calls 26848->26850 26849 428950 10 API calls 26849->26851 26852 409992 26850->26852 26851->26848 26851->26849 26853 4299b0 2 API calls 26851->26853 26854 429a70 HeapFree 26852->26854 26853->26851 26855 4099b3 26854->26855 26856 429a70 HeapFree 26855->26856 26857 4021f1 26856->26857 26857->25765 26859 410045 26858->26859 26860 4100e7 26859->26860 26862 410066 WideCharToMultiByte HeapAlloc 26859->26862 26861 41010a HeapFree 26860->26861 26863 410114 26860->26863 26861->26863 26864 410094 26862->26864 26865 41009b WideCharToMultiByte 26862->26865 26866 410124 HeapFree 26863->26866 26867 4024e5 26863->26867 26864->26867 26865->26860 26868 4100b6 26865->26868 26866->26867 26871 410143 26867->26871 26869 4100be _stricmp 26868->26869 26870 4100d3 26868->26870 26869->26868 26869->26870 26870->26860 28066 41022d 26871->28066 26874 4101e8 26878 4101fa wcslen 26874->26878 26875 41015b MultiByteToWideChar 26877 429c80 RtlReAllocateHeap 26875->26877 26879 41018f MultiByteToWideChar 26877->26879 26880 429c80 RtlReAllocateHeap 26878->26880 26884 4101a6 26879->26884 26885 4101e6 26879->26885 26881 41020c 26880->26881 26882 41021b wcscpy 26881->26882 26882->26885 26883 4101d7 wcslen 26883->26885 26884->26883 26884->26885 26885->25870 26887 428650 10 API calls 26886->26887 26888 402522 26887->26888 26888->25910 26890 428df0 RtlReAllocateHeap 26889->26890 26891 406e00 26890->26891 26892 4299b0 2 API calls 26891->26892 26893 406e0a GetSystemDirectoryW 26892->26893 26894 406e20 26893->26894 26895 406e77 26893->26895 26897 428c10 RtlReAllocateHeap 26894->26897 26896 429950 2 API calls 26895->26896 26898 406e85 26896->26898 26900 406e35 26897->26900 26899 429a70 HeapFree 26898->26899 26901 4030dd 26899->26901 26900->26895 26902 429950 2 API calls 26900->26902 26901->26004 26903 406e63 26902->26903 26904 429950 2 API calls 26903->26904 26905 406e6d 26904->26905 26906 4299b0 2 API calls 26905->26906 26906->26895 26946->25557 26947->25581 26949 41c085 8 API calls 26948->26949 26951 4049b2 26949->26951 26950 4011fd 26953 4048a2 ReleaseMutex CloseHandle CoUninitialize 26950->26953 26951->26950 28989 41c1f3 26951->28989 26953->25588 26954->25623 26955->25588 26956->25598 26957->25588 26958->25641 26959->25588 29020 426b6d CreateFileW 26960->29020 26963->25665 26965 426c69 26964->26965 26966 426c73 GetObjectType 26965->26966 26967 426ca1 26965->26967 26966->26967 26968 426c84 26966->26968 26967->25671 26968->26967 26969 42709d 4 API calls 26968->26969 26970 426cb9 26969->26970 26971 426d96 DeleteObject 26970->26971 26972 426cc4 CreateCompatibleDC 26970->26972 26971->26967 26973 426d95 26972->26973 26974 426cd9 CreateCompatibleDC 26972->26974 26973->26971 26975 426ce7 SelectObject SelectObject 26974->26975 26976 426d8c DeleteDC 26974->26976 29032 425ecc 11 API calls 26975->29032 26976->26973 26978 426d05 26979 426d09 26978->26979 26980 426d2f 26978->26980 26982 426d4d SetStretchBltMode 26979->26982 26983 426d0e 26979->26983 26981 426d34 SetStretchBltMode SetBrushOrgEx 26980->26981 26980->26982 26984 426d58 StretchBlt 26981->26984 26982->26984 29033 426a47 15 API calls 26983->29033 26986 426d83 DeleteDC 26984->26986 26987 426d26 26984->26987 26986->26976 26987->26986 26988->25684 26990 408b09 26989->26990 26990->26990 26991 427766 4 API calls 26990->26991 26992 408b3b 26991->26992 26993 408e10 26992->26993 26994 408b50 26992->26994 26996 429950 2 API calls 26993->26996 26995 4279d1 2 API calls 26994->26995 26997 408b61 26995->26997 26998 408e05 26996->26998 27000 427698 3 API calls 26997->27000 26999 429a70 HeapFree 26998->26999 27001 408e45 26999->27001 27002 408b8e GetSystemInfo 27000->27002 27003 429a70 HeapFree 27001->27003 29034 4291b0 27002->29034 27005 408e51 27003->27005 27005->25694 27006 408bb1 27007 429950 2 API calls 27006->27007 27008 408bbb 27007->27008 27009 4291b0 RtlReAllocateHeap 27008->27009 27010 408bcd 27009->27010 27011 4299b0 2 API calls 27010->27011 27012 408bdb 27011->27012 27013 408bf1 27012->27013 27014 408c07 27012->27014 27015 40a008 4 API calls 27013->27015 27016 408c16 27014->27016 27017 408c2c 27014->27017 27031 408c02 27015->27031 27018 40a008 4 API calls 27016->27018 27020 408c92 27017->27020 27021 408c3b 27017->27021 27018->27031 27019 429950 2 API calls 27019->26998 27024 408ca1 27020->27024 27025 408cda 27020->27025 27022 408c69 27021->27022 27023 408c7c 27021->27023 27026 40a008 4 API calls 27022->27026 27027 40a008 4 API calls 27023->27027 27028 408cb1 27024->27028 27029 408cc4 27024->27029 27033 408d22 27025->27033 27034 408ce9 27025->27034 27026->27031 27027->27031 27032 40a008 4 API calls 27028->27032 27030 40a008 4 API calls 27029->27030 27030->27031 27031->27019 27032->27031 27039 408d31 27033->27039 27040 408d6a 27033->27040 27035 408cf9 27034->27035 27036 408d0c 27034->27036 27037 40a008 4 API calls 27035->27037 27038 40a008 4 API calls 27036->27038 27037->27031 27038->27031 27041 408d41 27039->27041 27042 408d54 27039->27042 27045 408d79 27040->27045 27050 408daf 27040->27050 27043 40a008 4 API calls 27041->27043 27044 40a008 4 API calls 27042->27044 27043->27031 27044->27031 27046 408d89 27045->27046 27047 408d9c 27045->27047 27048 40a008 4 API calls 27046->27048 27049 40a008 4 API calls 27047->27049 27048->27031 27049->27031 27050->27031 27051 408de1 27050->27051 27052 408dce 27050->27052 27054 40a008 4 API calls 27051->27054 27053 40a008 4 API calls 27052->27053 27053->27031 27054->27031 27055->25695 27056->25702 27057->25712 27058->25718 27059->25729 27060->25738 27061->25746 27062->25756 27063->25763 29043 40fa07 27064->29043 27066 41002e 27066->25680 27067->25687 27068->25588 27069->25898 27070->25898 27071->25898 27072->25898 27073->25787 27074->25787 27075->25782 27076->25786 27077->25796 27078->25805 27079->25816 27080->25826 27081->25835 27082->25860 27083->25872 27084->25887 27085->25953 27086->25965 27087->26021 27088->26059 27089->26080 27090->26127 27091->26188 27092->26194 27093->26211 27094->26213 27095->26245 27096->26246 27097->25794 29075 4242c5 27098->29075 27102 424608 27101->27102 27102->25885 27104 42462a 27103->27104 27105 424630 GetClientRect GetMenu 27104->27105 27106 40235b 27104->27106 27105->27106 27107 42464f 27105->27107 27109 42466b 27106->27109 27107->27106 27108 424655 GetSystemMetrics 27107->27108 27108->27106 27110 42467f 27109->27110 27111 424683 GetClientRect 27110->27111 27112 402366 27110->27112 27111->27112 27113 4201e2 27112->27113 29109 4200e8 27113->29109 27116->25962 27117->25924 27118->25937 27119->25937 27120->25993 27121->26005 27123 42411c 27122->27123 27124 4241f6 27123->27124 27125 424126 GetWindow 27123->27125 27124->25789 27126 424141 RemovePropW RemovePropW 27125->27126 27127 424134 27125->27127 27129 424167 27126->27129 27130 42415f RevokeDragDrop 27126->27130 27127->27126 27128 42413a SetActiveWindow 27127->27128 27128->27126 27131 424180 KiUserCallbackDispatcher 27129->27131 27132 42416e SendMessageW 27129->27132 27130->27129 27143->25832 27144->25588 27145->25802 27146->25823 29127 420267 27147->29127 27150 420990 17 API calls 27150->25861 27152 4209fc _strftime 27151->27152 27153 420a45 CreateWindowExW 27152->27153 27154 420a0e memset 27152->27154 27156 402d5c 27153->27156 27157 420a89 27153->27157 27154->27153 27161 420aad 27156->27161 27158 427e22 3 API calls 27157->27158 27159 420a97 27158->27159 27160 42352c 4 API calls 27159->27160 27160->27156 27162 4209ea 9 API calls 27161->27162 27163 402d7d 27162->27163 27163->25900 27164->25955 27165->25955 27166->25950 27167->25588 27634->26442 27636 401058 27635->27636 27636->26445 27637->26451 27639 425d13 LoadLibraryW 27638->27639 27640 425ccb GetProcAddress 27638->27640 27643 425d20 GetProcAddress 27639->27643 27644 425d4f 27639->27644 27641 425cda memset 27640->27641 27642 425d0c FreeLibrary 27640->27642 27646 425cf8 27641->27646 27642->27639 27645 425d48 FreeLibrary 27643->27645 27647 425d2c 27643->27647 27644->26457 27645->27644 27646->27642 27647->27645 27648->26463 27649->26468 27651 427766 4 API calls 27650->27651 27652 41cb5b 27651->27652 27653 401080 27652->27653 27657 4279d1 27652->27657 27653->26506 27655 41cb72 27656 427698 3 API calls 27655->27656 27656->27653 27658 427a23 27657->27658 27659 4279e2 27657->27659 27658->27655 27659->27658 27660 4279f7 WideCharToMultiByte GetProcAddress 27659->27660 27660->27658 27661->26509 27665 429bd0 27662->27665 27664 40a00f 27664->25526 27666 429be1 wcslen 27665->27666 27667 429c4d 27665->27667 27668 429c16 HeapReAlloc 27666->27668 27669 429bf8 HeapAlloc 27666->27669 27670 429c55 HeapFree 27667->27670 27671 429c38 27667->27671 27668->27671 27669->27671 27670->27671 27671->27664 27672->26519 27673->26525 27674->26530 27675->26535 27676->26537 27678 42809a 27677->27678 27679 428161 HeapAlloc 27678->27679 27680 4280ab 27678->27680 27682 4281a5 27679->27682 27683 428178 27679->27683 27693 4284e6 LoadLibraryA GetProcAddress FreeLibrary Sleep 27680->27693 27684 4010e7 27682->27684 27683->27682 27686 428196 InitializeCriticalSection 27683->27686 27684->25543 27685 4280ba EnterCriticalSection 27688 4280cc 27685->27688 27686->27682 27687 4280ee HeapAlloc 27689 428103 27687->27689 27692 428119 LeaveCriticalSection 27687->27692 27688->27687 27688->27692 27690 42807b 4 API calls 27689->27690 27690->27692 27692->27684 27693->27685 27700 429b80 27694->27700 27698 429a7b HeapFree 27697->27698 27699 401117 27697->27699 27698->27699 27699->25549 27699->25550 27701 4048e3 CreateMutexW GetLastError 27700->27701 27702 429b8a wcslen HeapAlloc 27700->27702 27701->26550 27704 429ef0 27702->27704 27705 429f00 27704->27705 27705->27701 27707 411397 HeapAlloc 27706->27707 27711 411440 27706->27711 27707->26559 27707->26560 27708 411469 HeapFree 27708->27707 27709 411467 27709->27708 27711->27708 27711->27709 27712 40a010 27711->27712 27713 40a0da 27712->27713 27714 40a026 27712->27714 27713->27711 27714->27713 27715 40a010 HeapFree 27714->27715 27716 429a70 HeapFree 27714->27716 27715->27714 27716->27714 27718 429ca2 RtlReAllocateHeap 27717->27718 27719 40f4c2 GetModuleFileNameW wcscmp 27717->27719 27718->27719 27719->26564 27719->26565 27721 428df9 27720->27721 27722 429c80 RtlReAllocateHeap 27721->27722 27723 40706a 27722->27723 27723->26594 27724->26600 27741 427e22 27725->27741 27728 41b4e1 CreateFileW 27730 41b55c 27728->27730 27729 41b4fd 27731 41b502 CreateFileW 27729->27731 27732 41b51f 27729->27732 27734 41b56b 27730->27734 27736 41b5b6 27730->27736 27731->27730 27732->27730 27733 41b524 CreateFileW 27732->27733 27733->27730 27737 41b546 CreateFileW 27733->27737 27738 41b574 RtlAllocateHeap 27734->27738 27739 41b588 27734->27739 27735 41b5ca 27735->26612 27736->27735 27750 427f10 27736->27750 27737->27730 27738->27739 27739->26612 27742 427e43 27741->27742 27743 427e2c 27741->27743 27745 427e6e 27742->27745 27746 427e4e HeapReAlloc 27742->27746 27757 4285d0 HeapAlloc 27743->27757 27748 427e88 HeapAlloc 27745->27748 27749 41b4da 27745->27749 27746->27745 27747 427e3f 27747->27749 27748->27749 27749->27728 27749->27729 27751 427f3c 27750->27751 27752 427f1c 27750->27752 27758 428590 HeapFree 27751->27758 27752->27751 27753 427f21 27752->27753 27755 427f46 27753->27755 27756 427f2c memset 27753->27756 27755->27735 27756->27755 27757->27747 27758->27755 27760 41b401 WriteFile 27759->27760 27761 41b422 27759->27761 27760->27761 27761->26615 27763 41bc8d 27762->27763 27767 41bc93 27762->27767 27764 41b3f0 WriteFile 27763->27764 27764->27767 27765 41bd1a memcpy 27769 41bd63 ReadFile 27765->27769 27770 41bd3f ReadFile 27765->27770 27766 41bcac 27768 41bcdf 27766->27768 27773 41bcc5 memcpy 27766->27773 27767->27765 27767->27766 27768->26630 27771 41bd84 27769->27771 27772 41bd86 memcpy 27769->27772 27770->26630 27771->27772 27772->26630 27773->26630 27775 41bde5 27774->27775 27776 41bdc5 SetFilePointer 27774->27776 27777 41bdf0 27775->27777 27778 41be5e 27775->27778 27776->27775 27780 41be23 27777->27780 27784 41be09 memcpy 27777->27784 27779 41b3f0 WriteFile 27778->27779 27781 41be64 27779->27781 27780->26647 27782 41be8b memcpy 27781->27782 27783 41be6b WriteFile 27781->27783 27782->26647 27783->26647 27784->26647 27786 40fe35 HeapFree 27785->27786 27786->26703 28043 428650 27787->28043 27791 40f50d 3 API calls 27790->27791 27792 406f8a 27791->27792 27793 4299b0 2 API calls 27792->27793 27794 406f9b 27793->27794 27795 406ff9 27794->27795 27797 428c10 RtlReAllocateHeap 27794->27797 27796 429950 2 API calls 27795->27796 27798 407007 27796->27798 27799 406fb7 27797->27799 27800 429a70 HeapFree 27798->27800 27799->27795 27802 429950 2 API calls 27799->27802 27801 407028 27800->27801 27801->26761 27803 406fe5 27802->27803 27804 429950 2 API calls 27803->27804 27805 406fef 27804->27805 27806 4299b0 2 API calls 27805->27806 27806->27795 27808 40f50d 3 API calls 27807->27808 27809 406ec9 27808->27809 27810 4299b0 2 API calls 27809->27810 27811 406eda 27810->27811 27812 406f38 27811->27812 27814 428c10 RtlReAllocateHeap 27811->27814 27813 429950 2 API calls 27812->27813 27815 406f46 27813->27815 27818 406ef6 27814->27818 27816 429a70 HeapFree 27815->27816 27817 406f67 27816->27817 27817->26767 27818->27812 27819 429950 2 API calls 27818->27819 27820 406f24 27819->27820 27821 429950 2 API calls 27820->27821 27822 406f2e 27821->27822 27823 4299b0 2 API calls 27822->27823 27823->27812 27825 40f50d 3 API calls 27824->27825 27826 4069a4 27825->27826 27827 4299b0 2 API calls 27826->27827 27828 4069b5 27827->27828 27829 406a13 27828->27829 27831 428c10 RtlReAllocateHeap 27828->27831 27830 429950 2 API calls 27829->27830 27832 406a21 27830->27832 27834 4069d1 27831->27834 27833 429a70 HeapFree 27832->27833 27835 406a42 27833->27835 27834->27829 27836 429950 2 API calls 27834->27836 27835->26773 27837 4069ff 27836->27837 27838 429950 2 API calls 27837->27838 27839 406a09 27838->27839 27840 4299b0 2 API calls 27839->27840 27840->27829 27842 428df0 RtlReAllocateHeap 27841->27842 27843 406c2c 27842->27843 27844 4299b0 2 API calls 27843->27844 27845 406c3d SHGetSpecialFolderLocation SHGetPathFromIDListW 27844->27845 27846 406c65 27845->27846 27847 406cbc 27845->27847 27849 428c10 RtlReAllocateHeap 27846->27849 27848 429950 2 API calls 27847->27848 27850 406cca 27848->27850 27852 406c7a 27849->27852 27851 429a70 HeapFree 27850->27851 27853 406ceb 27851->27853 27852->27847 27854 429950 2 API calls 27852->27854 27853->26779 27855 406ca8 27854->27855 27856 429950 2 API calls 27855->27856 27857 406cb2 27856->27857 27858 4299b0 2 API calls 27857->27858 27858->27847 27860 428df0 RtlReAllocateHeap 27859->27860 27861 406d0f 27860->27861 27862 4299b0 2 API calls 27861->27862 27863 406d20 SHGetSpecialFolderLocation SHGetPathFromIDListW 27862->27863 27864 406d48 27863->27864 27865 406d9f 27863->27865 27866 428c10 RtlReAllocateHeap 27864->27866 27867 429950 2 API calls 27865->27867 27869 406d5d 27866->27869 27868 406dad 27867->27868 27870 429a70 HeapFree 27868->27870 27869->27865 27872 429950 2 API calls 27869->27872 27871 406dce 27870->27871 27871->26785 27873 406d8b 27872->27873 27874 429950 2 API calls 27873->27874 27875 406d95 27874->27875 27876 4299b0 2 API calls 27875->27876 27876->27865 27878 428df0 RtlReAllocateHeap 27877->27878 27879 4066e6 27878->27879 27880 4299b0 2 API calls 27879->27880 27881 4066f7 SHGetSpecialFolderLocation SHGetPathFromIDListW 27880->27881 27882 406776 27881->27882 27883 40671f 27881->27883 27885 429950 2 API calls 27882->27885 27884 428c10 RtlReAllocateHeap 27883->27884 27887 406734 27884->27887 27886 406784 27885->27886 27888 429a70 HeapFree 27886->27888 27887->27882 27890 429950 2 API calls 27887->27890 27889 4067a5 27888->27889 27889->26791 27891 406762 27890->27891 27892 429950 2 API calls 27891->27892 27893 40676c 27892->27893 27894 4299b0 2 API calls 27893->27894 27894->27882 27896 428df0 RtlReAllocateHeap 27895->27896 27897 4067c9 27896->27897 27898 4299b0 2 API calls 27897->27898 27899 4067da SHGetSpecialFolderLocation SHGetPathFromIDListW 27898->27899 27900 406802 27899->27900 27901 406859 27899->27901 27903 428c10 RtlReAllocateHeap 27900->27903 27902 429950 2 API calls 27901->27902 27904 406867 27902->27904 27906 406817 27903->27906 27905 429a70 HeapFree 27904->27905 27907 406888 27905->27907 27906->27901 27908 429950 2 API calls 27906->27908 27907->26797 27909 406845 27908->27909 27910 429950 2 API calls 27909->27910 27911 40684f 27910->27911 27912 4299b0 2 API calls 27911->27912 27912->27901 27914 428df0 RtlReAllocateHeap 27913->27914 27915 406a66 27914->27915 27916 4299b0 2 API calls 27915->27916 27917 406a77 SHGetSpecialFolderLocation SHGetPathFromIDListW 27916->27917 27918 406af6 27917->27918 27919 406a9f 27917->27919 27921 429950 2 API calls 27918->27921 27920 428c10 RtlReAllocateHeap 27919->27920 27923 406ab4 27920->27923 27922 406b04 27921->27922 27924 429a70 HeapFree 27922->27924 27923->27918 27926 429950 2 API calls 27923->27926 27925 406b25 27924->27925 27925->26803 27927 406ae2 27926->27927 27928 429950 2 API calls 27927->27928 27929 406aec 27928->27929 27930 4299b0 2 API calls 27929->27930 27930->27918 27932 428df0 RtlReAllocateHeap 27931->27932 27933 406b49 27932->27933 27934 4299b0 2 API calls 27933->27934 27935 406b5a SHGetSpecialFolderLocation SHGetPathFromIDListW 27934->27935 27936 406b82 27935->27936 27937 406bd9 27935->27937 27939 428c10 RtlReAllocateHeap 27936->27939 27938 429950 2 API calls 27937->27938 27940 406be7 27938->27940 27942 406b97 27939->27942 27941 429a70 HeapFree 27940->27941 27943 406c08 27941->27943 27942->27937 27944 429950 2 API calls 27942->27944 27943->26809 27945 406bc5 27944->27945 27946 429950 2 API calls 27945->27946 27947 406bcf 27946->27947 27948 4299b0 2 API calls 27947->27948 27948->27937 27950 428df0 RtlReAllocateHeap 27949->27950 27951 4068ac 27950->27951 27952 4299b0 2 API calls 27951->27952 27953 4068bd SHGetSpecialFolderLocation SHGetPathFromIDListW 27952->27953 27954 4068e5 27953->27954 27955 40693c 27953->27955 27957 428c10 RtlReAllocateHeap 27954->27957 27956 429950 2 API calls 27955->27956 27958 40694a 27956->27958 27959 4068fa 27957->27959 27960 429a70 HeapFree 27958->27960 27959->27955 27962 429950 2 API calls 27959->27962 27961 40696b 27960->27961 27961->26815 27963 406928 27962->27963 27964 429950 2 API calls 27963->27964 27965 406932 27964->27965 27966 4299b0 2 API calls 27965->27966 27966->27955 27968 428df0 RtlReAllocateHeap 27967->27968 27969 40635a 27968->27969 27970 4299b0 2 API calls 27969->27970 27971 40636b SHGetSpecialFolderLocation SHGetPathFromIDListW 27970->27971 27972 406393 27971->27972 27973 4063ea 27971->27973 27975 428c10 RtlReAllocateHeap 27972->27975 27974 429950 2 API calls 27973->27974 27976 4063f8 27974->27976 27978 4063a8 27975->27978 27977 429a70 HeapFree 27976->27977 27979 406419 27977->27979 27978->27973 27980 429950 2 API calls 27978->27980 27979->26821 27981 4063d6 27980->27981 27982 429950 2 API calls 27981->27982 27983 4063e0 27982->27983 27984 4299b0 2 API calls 27983->27984 27984->27973 27986 428df0 RtlReAllocateHeap 27985->27986 27987 40643d 27986->27987 27988 4299b0 2 API calls 27987->27988 27989 40644e SHGetSpecialFolderLocation SHGetPathFromIDListW 27988->27989 27990 406476 27989->27990 27991 4064cd 27989->27991 27993 428c10 RtlReAllocateHeap 27990->27993 27992 429950 2 API calls 27991->27992 27994 4064db 27992->27994 27996 40648b 27993->27996 27995 429a70 HeapFree 27994->27995 27997 4064fc 27995->27997 27996->27991 27998 429950 2 API calls 27996->27998 27997->26827 27999 4064b9 27998->27999 28000 429950 2 API calls 27999->28000 28001 4064c3 28000->28001 28002 4299b0 2 API calls 28001->28002 28002->27991 28004 428df0 RtlReAllocateHeap 28003->28004 28005 406194 28004->28005 28006 4299b0 2 API calls 28005->28006 28007 4061a5 SHGetSpecialFolderLocation SHGetPathFromIDListW 28006->28007 28008 406224 28007->28008 28009 4061cd 28007->28009 28010 429950 2 API calls 28008->28010 28011 428c10 RtlReAllocateHeap 28009->28011 28012 406232 28010->28012 28013 4061e2 28011->28013 28014 429a70 HeapFree 28012->28014 28013->28008 28016 429950 2 API calls 28013->28016 28015 406253 28014->28015 28015->26833 28017 406210 28016->28017 28018 429950 2 API calls 28017->28018 28019 40621a 28018->28019 28020 4299b0 2 API calls 28019->28020 28020->28008 28022 428df0 RtlReAllocateHeap 28021->28022 28023 406277 28022->28023 28024 4299b0 2 API calls 28023->28024 28025 406288 SHGetSpecialFolderLocation SHGetPathFromIDListW 28024->28025 28026 4062b0 28025->28026 28027 406307 28025->28027 28029 428c10 RtlReAllocateHeap 28026->28029 28028 429950 2 API calls 28027->28028 28030 406315 28028->28030 28032 4062c5 28029->28032 28031 429a70 HeapFree 28030->28031 28033 406336 28031->28033 28032->28027 28034 429950 2 API calls 28032->28034 28033->26839 28035 4062f3 28034->28035 28036 429950 2 API calls 28035->28036 28037 4062fd 28036->28037 28038 4299b0 2 API calls 28037->28038 28038->28027 28040 428b3b 28039->28040 28041 429c80 RtlReAllocateHeap 28040->28041 28042 428b55 28041->28042 28042->26844 28044 428664 28043->28044 28045 42874f 28044->28045 28046 4286f0 28044->28046 28047 42876a 28045->28047 28048 42875d _wcsdup 28045->28048 28049 428722 wcsncpy 28046->28049 28052 409340 28046->28052 28050 428789 28047->28050 28051 42877c _wcsdup 28047->28051 28048->28047 28049->28046 28053 428797 _wcsdup 28050->28053 28055 4287a4 28050->28055 28051->28050 28052->26715 28053->28055 28054 429c80 RtlReAllocateHeap 28056 428815 28054->28056 28055->28054 28057 428857 wcsncpy 28056->28057 28058 42881b 28056->28058 28061 42886a 28056->28061 28057->28061 28059 4288b4 free 28058->28059 28060 4288bd 28058->28060 28059->28060 28062 4288d1 28060->28062 28063 4288c4 free 28060->28063 28061->28058 28065 428901 wcsncpy 28061->28065 28062->28052 28064 4288d8 free 28062->28064 28063->28062 28064->28052 28065->28061 28067 410241 28066->28067 28068 410151 28067->28068 28069 410267 WideCharToMultiByte HeapAlloc 28067->28069 28070 41025f 28067->28070 28068->26874 28068->26875 28071 410298 28069->28071 28072 41029c WideCharToMultiByte 28069->28072 28070->28069 28071->28068 28073 4102b4 28072->28073 28074 4102e3 28073->28074 28075 4102cd _stricmp 28073->28075 28074->28068 28076 4102f2 HeapFree 28074->28076 28075->28073 28075->28074 28076->28068 28990 41c20e 28989->28990 28999 41c49c 28989->28999 28991 41c217 wcsncpy wcslen 28990->28991 28990->28999 28992 41c255 wcscpy 28991->28992 28993 41c23a 28991->28993 28995 41c281 28992->28995 28996 41c37a 28992->28996 28993->28992 28994 41c242 wcscat 28993->28994 28994->28992 28995->28996 28998 41c28b wcscmp 28995->28998 28997 41c380 wcscpy wcscat FindFirstFileW 28996->28997 28997->28999 29007 41c3bf 28997->29007 28998->28996 29000 41c29c 28998->29000 28999->26950 29000->28997 29002 41c2a6 wcscpy wcscat FindFirstFileW 29000->29002 29001 41c3ca wcscpy wcscat 29001->29007 29003 41c371 29002->29003 29004 41c2e4 wcscpy wcscat 29002->29004 29003->28997 29009 41c354 FindNextFileW 29004->29009 29010 41c316 wcscmp 29004->29010 29005 41c458 DeleteFileW 29008 41c465 FindNextFileW 29005->29008 29006 41c44e SetFileAttributesW 29006->29005 29007->29001 29007->29005 29007->29006 29007->29008 29013 41c408 wcscmp 29007->29013 29008->29001 29012 41c47d FindClose 29008->29012 29009->29004 29011 41c36a FindClose 29009->29011 29010->29009 29014 41c32d wcscmp 29010->29014 29011->29003 29016 41c496 29012->29016 29017 41c48c SetFileAttributesW 29012->29017 29013->29008 29018 41c41f wcscmp 29013->29018 29014->29009 29015 41c344 29014->29015 29015->29009 29016->28999 29019 41c4a5 RemoveDirectoryW 29016->29019 29017->29016 29018->29007 29018->29008 29019->28999 29021 426bf8 29020->29021 29022 426b99 GetFileSize RtlAllocateHeap 29020->29022 29021->25670 29023 426bb9 ReadFile 29022->29023 29024 426bed FindCloseChangeNotification 29022->29024 29025 426bdf RtlFreeHeap 29023->29025 29026 426bcd 29023->29026 29024->29021 29025->29024 29026->29025 29029 426ffb 29026->29029 29030 426def 33 API calls 29029->29030 29031 426bdc 29030->29031 29031->29025 29032->26978 29033->26987 29035 4291e2 29034->29035 29036 4291cb 29034->29036 29038 429c80 RtlReAllocateHeap 29035->29038 29036->29035 29037 4291d2 29036->29037 29042 4290e0 RtlReAllocateHeap 29037->29042 29041 4291ef 29038->29041 29040 4291dd 29040->27006 29041->27006 29042->29040 29044 40fa16 29043->29044 29045 40fa29 29043->29045 29044->29045 29046 40fa20 CloseHandle 29044->29046 29048 40fa3a CreateFileW 29045->29048 29057 40fa5a 29045->29057 29046->29045 29047 40fbf3 29053 40fc0a 29047->29053 29074 428590 HeapFree 29047->29074 29052 40fa58 29048->29052 29048->29057 29049 40fbd5 29050 40fbeb FindCloseChangeNotification 29049->29050 29051 40fbdd HeapFree 29049->29051 29050->29047 29051->29050 29052->29057 29055 40fc20 29053->29055 29056 40fc12 HeapFree 29053->29056 29058 40fc35 memset 29055->29058 29059 40fc27 HeapFree 29055->29059 29056->29055 29057->29047 29057->29049 29060 40fac2 29057->29060 29063 40faab strlen 29057->29063 29064 40fa8e strlen strlen 29057->29064 29058->27066 29059->29058 29061 40fac6 SetFilePointer SetEndOfFile 29060->29061 29062 40fade HeapAlloc 29060->29062 29061->29049 29062->29049 29065 40fafb 29062->29065 29063->29057 29064->29057 29066 40fb06 strcpy strlen 29065->29066 29068 40fb1e 29065->29068 29066->29068 29067 40fb9e SetFilePointer WriteFile SetEndOfFile HeapFree 29067->29049 29068->29067 29069 40fb2b strcpy strcat 29068->29069 29071 40fb64 strcpy strcat 29068->29071 29072 40fb4b strcpy strcat 29068->29072 29070 40fb79 strcat 29069->29070 29073 40fb82 strcat strlen 29070->29073 29071->29070 29072->29073 29073->29068 29074->29047 29076 4242e4 29075->29076 29077 4242ee 29075->29077 29106 424fb1 HeapAlloc 29076->29106 29079 427e22 3 API calls 29077->29079 29080 4242fc 29079->29080 29107 431fc0 _vsnwprintf 29080->29107 29083 424323 memset RegisterClassW 29084 42438c AdjustWindowRectEx 29083->29084 29086 424413 29084->29086 29087 424461 29086->29087 29088 42442a GetSystemMetrics 29086->29088 29091 4244b7 CreateWindowExW 29087->29091 29094 424477 GetWindowRect 29087->29094 29095 42446d GetActiveWindow 29087->29095 29089 424437 29088->29089 29090 42443a GetSystemMetrics 29088->29090 29089->29090 29099 424451 29090->29099 29092 4244f1 SetPropW 29091->29092 29093 4245ac UnregisterClassW 29091->29093 29097 424507 ShowWindow 29092->29097 29098 424529 HeapAlloc CreateAcceleratorTableW 29092->29098 29096 427f10 2 API calls 29093->29096 29094->29099 29095->29091 29095->29094 29100 4245cd 29096->29100 29097->29098 29102 4245a1 29098->29102 29103 42459a 29098->29103 29099->29091 29100->25858 29102->29100 29108 4321c6 8 API calls _strftime 29103->29108 29106->29077 29107->29083 29108->29102 29110 4200fa _strftime 29109->29110 29111 42016c CreateWindowExW 29110->29111 29112 42010c memset GetSystemMetrics GetSystemMetrics 29110->29112 29113 4201a0 SetWindowLongW 29111->29113 29114 4201d9 29111->29114 29112->29111 29115 427e22 3 API calls 29113->29115 29114->25862 29116 4201c1 29115->29116 29120 42352c 29116->29120 29121 42353e _strftime 29120->29121 29122 42354d SetWindowLongW SetWindowLongW SetPropW SendMessageW 29121->29122 29128 420278 _strftime 29127->29128 29129 420288 memset 29128->29129 29130 4202db CreateWindowExW 29128->29130 29129->29130 29132 420329 29130->29132 29133 402d18 29130->29133 29134 427e22 3 API calls 29132->29134 29133->27150 29135 420337 29134->29135 29136 42352c 4 API calls 29135->29136 29136->29133 29477 415420 ftell 29478 416a20 free 29479 4154a0 fclose 29480 4153e0 fread 29481 412980 29482 41299c 29481->29482 29483 41298f 29481->29483 29482->29483 29485 4129af 29482->29485 29493 412690 free free 29482->29493 29486 4129db malloc 29485->29486 29487 4129cd 29485->29487 29488 4129ef malloc 29486->29488 29492 412a27 29486->29492 29489 412a1e free 29488->29489 29490 412a36 29488->29490 29489->29492 29491 412bc7 free 29490->29491 29490->29492 29493->29485 29494 40f5a1 memset 29495 40f5ff 29494->29495 29496 40f628 29495->29496 29497 40f641 CreatePipe 29495->29497 29498 40f6f1 29496->29498 29501 40f685 CreatePipe 29496->29501 29502 40f6b8 29496->29502 29497->29496 29499 40f658 29497->29499 29500 40f720 wcslen wcslen HeapAlloc 29498->29500 29505 40f701 GetStdHandle 29498->29505 29506 40f708 29498->29506 29563 40f56a GetCurrentProcess GetCurrentProcess DuplicateHandle CloseHandle 29499->29563 29515 40f767 wcscpy wcscat wcscat 29500->29515 29516 40f78a wcscpy 29500->29516 29501->29502 29507 40f69c 29501->29507 29502->29498 29503 40f6be CreatePipe 29502->29503 29503->29498 29510 40f6d5 29503->29510 29505->29506 29512 40f714 29506->29512 29513 40f70d GetStdHandle 29506->29513 29564 40f56a GetCurrentProcess GetCurrentProcess DuplicateHandle CloseHandle 29507->29564 29565 40f56a GetCurrentProcess GetCurrentProcess DuplicateHandle CloseHandle 29510->29565 29511 40f669 29511->29496 29512->29500 29518 40f719 GetStdHandle 29512->29518 29513->29512 29514 40f6ad 29514->29502 29519 40f793 29515->29519 29516->29519 29518->29500 29521 40f7b4 CreateProcessW 29519->29521 29522 40f79b wcscat wcscat 29519->29522 29520 40f6e6 29520->29498 29524 40f877 29521->29524 29525 40f7ef 29521->29525 29522->29521 29526 40f881 29524->29526 29527 40f87c CloseHandle 29524->29527 29528 40f7f4 CloseHandle 29525->29528 29529 40f7f9 29525->29529 29530 40f886 CloseHandle 29526->29530 29531 40f88b 29526->29531 29527->29526 29528->29529 29532 40f803 29529->29532 29533 40f7fe CloseHandle 29529->29533 29530->29531 29536 40f890 CloseHandle 29531->29536 29537 40f895 29531->29537 29534 40f808 CloseHandle 29532->29534 29535 40f80d CloseHandle 29532->29535 29533->29532 29534->29535 29538 40f823 29535->29538 29539 40f818 WaitForSingleObject 29535->29539 29536->29537 29540 40f89a CloseHandle 29537->29540 29541 40f89f 29537->29541 29544 40f828 EnterCriticalSection 29538->29544 29545 40f86d CloseHandle 29538->29545 29539->29538 29540->29541 29542 40f8a4 CloseHandle 29541->29542 29543 40f8a9 29541->29543 29542->29543 29546 40f8b3 29543->29546 29547 40f8ae CloseHandle 29543->29547 29566 4285d0 HeapAlloc 29544->29566 29549 40f98c 29545->29549 29550 40f9a1 HeapFree 29546->29550 29552 40f8c2 wcslen 29546->29552 29553 40f8fb memset ShellExecuteExW 29546->29553 29547->29546 29549->29550 29551 40f840 LeaveCriticalSection 29551->29549 29552->29553 29554 40f8d1 29552->29554 29553->29550 29555 40f941 29553->29555 29554->29553 29558 40f8e1 wcscpy 29554->29558 29556 40f952 29555->29556 29557 40f947 WaitForSingleObject 29555->29557 29559 40f991 CloseHandle 29556->29559 29560 40f957 EnterCriticalSection 29556->29560 29557->29556 29558->29553 29559->29549 29567 4285d0 HeapAlloc 29560->29567 29562 40f96f LeaveCriticalSection 29562->29549 29563->29511 29564->29514 29565->29520 29566->29551 29567->29562 29568 431900 malloc 29569 40c6a4 SHGetSpecialFolderLocation 29570 40c756 29569->29570 29571 40c6d6 29569->29571 29572 429950 2 API calls 29570->29572 29573 428df0 RtlReAllocateHeap 29571->29573 29574 40c74d 29572->29574 29575 40c6e7 29573->29575 29577 429a70 HeapFree 29574->29577 29576 4299b0 2 API calls 29575->29576 29578 40c6f1 SHGetPathFromIDListW 29576->29578 29579 40c788 29577->29579 29589 4295a0 29578->29589 29582 429950 2 API calls 29583 40c726 29582->29583 29592 4295c0 CharUpperW RtlReAllocateHeap 29583->29592 29585 40c734 29586 4299b0 2 API calls 29585->29586 29587 40c73e 29586->29587 29588 429950 2 API calls 29587->29588 29588->29574 29593 4294d0 RtlReAllocateHeap 29589->29593 29591 40c71c 29591->29582 29592->29585 29593->29591 29594 421bc5 29595 421bce 29594->29595 29596 421be8 CallWindowProcW 29595->29596 29598 4235da 8 API calls _strftime 29595->29598 29598->29596 29599 42346f GetWindowLongW 29600 423516 DefWindowProcW 29599->29600 29601 42348b 29599->29601 29603 423510 29600->29603 29602 423498 CallWindowProcW 29601->29602 29602->29603 29604 4234b9 RemovePropW RemovePropW 29602->29604 29606 4234e0 RevokeDragDrop 29604->29606 29607 4234e7 SetWindowLongW 29604->29607 29606->29607 29611 4259ae EnterCriticalSection HeapFree LeaveCriticalSection _strftime 29607->29611 29609 423501 29610 427f10 2 API calls 29609->29610 29610->29603 29611->29609 29612 42162d 29613 4216e9 CallWindowProcW GetPropW GetWindowLongW 29612->29613 29614 42163f 29612->29614 29615 42171f 29613->29615 29628 42169d 29613->29628 29616 4216b2 RemovePropW HeapFree 29614->29616 29617 421644 29614->29617 29623 42172f 29615->29623 29615->29628 29618 4216cf CallWindowProcW 29616->29618 29619 421647 29617->29619 29620 421674 29617->29620 29618->29628 29619->29618 29621 42164f CallWindowProcW 29619->29621 29620->29618 29622 42167a CallWindowProcW 29620->29622 29636 421514 8 API calls 29621->29636 29629 42143e 29622->29629 29637 421331 SendMessageW SendMessageW SendMessageW 29623->29637 29627 42166f 29627->29628 29630 421456 29629->29630 29631 42150e 29629->29631 29630->29631 29632 42146d memset GetParent GetDC 29630->29632 29631->29628 29633 4214a2 29632->29633 29634 4214a6 InflateRect GetPropW memcpy 29633->29634 29635 4214f8 GetParent ReleaseDC 29633->29635 29634->29635 29635->29631 29636->29627 29637->29628 29638 415430 29639 415439 29638->29639 29640 41547d fseek 29638->29640 29641 415462 fseek 29639->29641 29642 41543e 29639->29642 29643 415443 29642->29643 29644 415447 fseek 29642->29644 29645 415390 29646 4153a1 29645->29646 29647 4153d6 29646->29647 29648 4153ca fopen 29646->29648 29649 423451 29650 423460 29649->29650 29651 423464 DestroyWindow 29650->29651 29652 42346c 29650->29652 29651->29652 29653 420cf6 29654 420d03 GetWindowLongW 29653->29654 29655 420d46 CallWindowProcW 29653->29655 29656 420d33 DefWindowProcW 29654->29656 29657 420d14 GetClientRect FillRect 29654->29657 29658 420d5d 29655->29658 29656->29658 29657->29658 29659 41fdb4 GetWindowLongW 29660 41fdd5 29659->29660 29661 41fde7 29660->29661 29662 41ff9b 29660->29662 29665 41fded 29661->29665 29681 41ff39 29661->29681 29663 41ffa7 29662->29663 29664 4200b5 SetCapture 29662->29664 29667 4200a3 29663->29667 29668 41ffb3 29663->29668 29666 4200c9 CallWindowProcW 29664->29666 29669 41fdf8 29665->29669 29670 41ff2b 29665->29670 29676 41fe1e 29666->29676 29667->29666 29675 4200aa ReleaseCapture 29667->29675 29677 42007e 29668->29677 29683 41ffcb 29668->29683 29671 41fe01 29669->29671 29672 41ff14 RedrawWindow 29669->29672 29719 41fd52 7 API calls 29670->29719 29678 41fe0a 29671->29678 29679 41ffef 29671->29679 29672->29676 29674 41ff80 ReleaseCapture 29720 4235da 8 API calls _strftime 29674->29720 29675->29666 29677->29676 29723 4235da 8 API calls _strftime 29677->29723 29678->29676 29680 41fe17 29678->29680 29686 41fe26 29678->29686 29687 41fff4 BeginPaint 29679->29687 29695 420001 29679->29695 29680->29666 29680->29676 29681->29666 29681->29674 29684 41ffd7 29683->29684 29685 42006a 29683->29685 29684->29666 29684->29679 29722 4235da 8 API calls _strftime 29685->29722 29689 41fe3b 29686->29689 29714 426172 DeleteObject 29686->29714 29687->29695 29692 41fe59 29689->29692 29715 425ecc 11 API calls 29689->29715 29717 41fd52 7 API calls 29692->29717 29694 420030 29694->29676 29700 42005b EndPaint 29694->29700 29695->29676 29695->29694 29698 420032 GetObjectType DrawStateW 29695->29698 29699 42001f 29695->29699 29697 41fe66 29697->29676 29702 41fe72 GetObjectType 29697->29702 29698->29694 29721 426184 GetObjectW CreateCompatibleDC SelectObject DeleteDC SelectObject 29699->29721 29700->29676 29701 41fe4b 29701->29692 29716 425fae 6 API calls 29701->29716 29704 41fe8d GetIconInfo 29702->29704 29705 41fe7e GetObjectW 29702->29705 29707 41febb GetWindowLongW 29704->29707 29708 41fe9c GetObjectW DeleteObject DeleteObject 29704->29708 29705->29707 29709 41fed3 29707->29709 29710 41feda SetWindowPos 29707->29710 29708->29707 29709->29710 29718 425ecc 11 API calls 29710->29718 29712 41fef4 29712->29676 29713 41fef8 InvalidateRect UpdateWindow 29712->29713 29713->29676 29714->29689 29715->29701 29716->29692 29717->29697 29718->29712 29719->29680 29720->29680 29721->29694 29722->29676 29723->29676 29724 421f34 SendMessageW 29725 421f4c 29724->29725 29726 424f1b 29735 424a65 29726->29735 29729 424f8c SetLastError 29731 424f78 29729->29731 29732 424f9e DefWindowProcW 29729->29732 29730 424f3d GetPropW 29730->29729 29734 424f4d 29730->29734 29732->29731 29733 424f82 DefFrameProcW 29733->29731 29734->29731 29734->29733 29736 424a7b _strftime 29735->29736 29791 42516e 29736->29791 29739 424aa4 GetPropW 29740 424ab9 GetParent 29739->29740 29741 424ac9 29739->29741 29740->29739 29740->29741 29742 424e25 29741->29742 29743 424b2e 29741->29743 29748 424b05 29741->29748 29747 424e89 29742->29747 29759 424d05 29742->29759 29744 424da1 29743->29744 29745 424b34 29743->29745 29839 4249ef GetPropW GetWindowLongW 29744->29839 29749 424cd6 29745->29749 29750 424b3d 29745->29750 29770 424ebd PostMessageW 29747->29770 29841 4258f1 EnterCriticalSection HeapAlloc HeapAlloc LeaveCriticalSection _strftime 29747->29841 29748->29729 29748->29730 29754 424d7a 29749->29754 29755 424cdf 29749->29755 29752 424b43 29750->29752 29753 424c79 29750->29753 29751 424db0 29751->29748 29763 424dc7 GetWindowLongW 29751->29763 29776 424df1 29751->29776 29760 424b50 29752->29760 29768 424b53 29752->29768 29777 424be0 29752->29777 29762 424c83 GetClientRect FillRect 29753->29762 29775 424ca9 29753->29775 29754->29748 29761 424d8c EnumChildWindows 29754->29761 29757 424ce4 29755->29757 29758 424d15 29755->29758 29757->29748 29757->29759 29766 424cf2 RemovePropW 29757->29766 29758->29748 29767 424d2e GetWindowLongW 29758->29767 29759->29748 29842 4249ef GetPropW GetWindowLongW 29759->29842 29760->29768 29769 424b7f 29760->29769 29761->29748 29762->29775 29763->29748 29766->29759 29767->29748 29768->29748 29837 4258f1 EnterCriticalSection HeapAlloc HeapAlloc LeaveCriticalSection _strftime 29768->29837 29773 424b86 GetPropW 29769->29773 29774 424bb5 GetFocus SetPropW 29769->29774 29770->29748 29771 424eba 29771->29770 29781 424b98 SetFocus 29773->29781 29782 424b9f 29773->29782 29783 425717 3 API calls 29774->29783 29838 4258f1 EnterCriticalSection HeapAlloc HeapAlloc LeaveCriticalSection _strftime 29775->29838 29776->29748 29840 42560f 13 API calls 29776->29840 29777->29748 29778 424c49 29777->29778 29779 424bf9 29777->29779 29778->29768 29836 4258f1 EnterCriticalSection HeapAlloc HeapAlloc LeaveCriticalSection _strftime 29778->29836 29779->29768 29786 424c08 29779->29786 29781->29782 29833 4258f1 EnterCriticalSection HeapAlloc HeapAlloc LeaveCriticalSection _strftime 29782->29833 29783->29748 29834 4258f1 EnterCriticalSection HeapAlloc HeapAlloc LeaveCriticalSection _strftime 29786->29834 29789 424c20 29835 4258f1 EnterCriticalSection HeapAlloc HeapAlloc LeaveCriticalSection _strftime 29789->29835 29792 425182 _strftime 29791->29792 29793 425195 29792->29793 29794 4252ed 29792->29794 29798 4251b7 SystemParametersInfoW 29793->29798 29806 424a8f 29793->29806 29795 4252f7 MapWindowPoints 29794->29795 29796 425358 29794->29796 29843 424ff0 29795->29843 29799 425363 29796->29799 29800 425516 29796->29800 29802 4251ce GetWindowRect GetWindowRect GetSystemMetrics GetSystemMetrics GetWindowLongW 29798->29802 29798->29806 29803 42550e ReleaseCapture 29799->29803 29810 425378 29799->29810 29800->29803 29804 42551d 29800->29804 29801 425329 SendMessageW 29844 4250d2 GetWindowLongW GetParent MapWindowPoints MoveWindow 29801->29844 29807 425226 GetWindowLongW 29802->29807 29808 42521e GetSystemMetrics 29802->29808 29803->29806 29804->29806 29809 425524 PostMessageW 29804->29809 29806->29739 29806->29741 29806->29748 29812 425247 29807->29812 29813 425237 GetSystemMetrics 29807->29813 29811 42523d GetSystemMetrics 29808->29811 29809->29806 29814 42553b SetCursorPos 29809->29814 29815 425383 29810->29815 29816 4254b9 GetCursorPos 29810->29816 29817 42524d 6 API calls 29811->29817 29812->29817 29813->29811 29814->29806 29818 42538a 29815->29818 29819 42545c GetCursorPos 29815->29819 29830 4253bc 29816->29830 29832 4253a5 29816->29832 29820 425295 SetCapture PostMessageW 29817->29820 29821 425288 SendMessageW 29817->29821 29823 425409 GetCursorPos 29818->29823 29824 42538d 29818->29824 29819->29830 29819->29832 29826 4252b3 GetCursorPos LoadImageW SetCursor 29820->29826 29827 4252e5 29820->29827 29821->29820 29822 4254e6 29828 425401 29822->29828 29823->29830 29823->29832 29824->29806 29825 425394 GetCursorPos 29824->29825 29825->29830 29825->29832 29826->29806 29827->29806 29846 425120 6 API calls 29828->29846 29830->29822 29830->29828 29830->29832 29845 424fc2 SetCursorPos LoadImageW SetCursor 29832->29845 29833->29748 29834->29789 29835->29748 29836->29768 29837->29748 29838->29748 29839->29751 29840->29748 29841->29771 29842->29748 29843->29801 29844->29827 29845->29806 29846->29806 29847 41e25b 29848 41df6e 29847->29848 29851 4299b0 2 API calls 29848->29851 29872 41e110 29848->29872 29884 41dfc1 29848->29884 29849 41e387 29853 41e424 SendMessageW 29849->29853 29854 41e40c FillRect 29849->29854 29850 41e634 29855 41e947 GetStockObject GetDlgCtrlID 29850->29855 29889 41e905 29850->29889 29856 41e0df 29851->29856 29852 4299b0 2 API calls 29857 41e1b0 29852->29857 29858 41e497 29853->29858 29859 41e44c SendMessageW ImageList_GetIcon 29853->29859 29854->29853 29900 427a50 29855->29900 29894 41f84c HeapFree wcslen HeapAlloc 29856->29894 29896 41f84c HeapFree wcslen HeapAlloc 29857->29896 29866 41e4b0 ImageList_GetIconSize 29858->29866 29867 41e5b3 29858->29867 29859->29858 29863 41ee17 29868 429a70 HeapFree 29863->29868 29864 41ee1d CallWindowProcW 29864->29863 29865 41e9b0 SelectObject 29865->29889 29869 41e4ed 29866->29869 29875 4299b0 2 API calls 29867->29875 29871 41ee52 29868->29871 29876 4299b0 2 API calls 29869->29876 29870 41e0e8 29870->29872 29895 429840 _wcsicmp _wcsicmp _wcsicmp setlocale swscanf 29870->29895 29874 429a70 HeapFree 29871->29874 29872->29852 29872->29884 29873 41e1b9 29873->29884 29897 429840 _wcsicmp _wcsicmp _wcsicmp setlocale swscanf 29873->29897 29879 41ee5b 29874->29879 29880 41e5de SetTextColor SetBkMode 29875->29880 29877 41e4f7 SetTextColor SetBkMode DrawIconEx 29876->29877 29898 428b00 29877->29898 29883 428b00 29880->29883 29886 41e615 DrawTextW 29883->29886 29884->29849 29884->29850 29885 41e5a0 DrawTextW 29887 41e626 29885->29887 29886->29887 29887->29863 29888 41ecc1 29888->29863 29888->29864 29889->29888 29890 41ecc3 29889->29890 29891 41ec35 29889->29891 29890->29888 29893 41ecef GetSysColor 29890->29893 29891->29888 29892 41ec93 InvalidateRect 29891->29892 29892->29888 29893->29888 29894->29870 29895->29872 29896->29873 29897->29884 29899 428b08 29898->29899 29899->29885 29899->29899 29900->29865 29901 40483d 29942 40d0a0 FreeLibrary 29901->29942 29903 404842 29943 40d0fb FreeLibrary 29903->29943 29905 404847 29944 40d12b ClipCursor FreeLibrary 29905->29944 29907 40484c 29965 40d1cc 22 API calls 29907->29965 29909 404851 29945 40d618 22 API calls 29909->29945 29911 404856 29946 40dfbe 17 API calls 29911->29946 29913 40485b 29947 40e124 FreeLibrary 29913->29947 29915 404860 29966 40e18b EnterCriticalSection CloseHandle LeaveCriticalSection HeapFree 29915->29966 29917 404865 29948 40e871 Sleep FreeLibrary memset HeapFree 29917->29948 29919 40486a 29949 40fc62 29 API calls _strftime 29919->29949 29921 40486f 29950 4107e9 DeleteObject memset HeapFree 29921->29950 29923 404874 29951 41157c EnterCriticalSection HeapFree LeaveCriticalSection HeapFree 29923->29951 29925 404879 29952 41b490 17 API calls 29925->29952 29927 40487e 29953 41cb1c 21 API calls 29927->29953 29929 404883 29967 41fcf2 DestroyWindow _strftime 29929->29967 29931 404888 29954 4241fb 29931->29954 29935 404892 29962 426b2b GetObjectType DeleteObject DestroyIcon memset HeapFree 29935->29962 29937 404897 29963 4276c5 FreeLibrary memset HeapFree 29937->29963 29939 40489c 29964 41c5a0 HeapDestroy 29939->29964 29941 4048a1 29942->29903 29943->29905 29944->29907 29945->29911 29946->29913 29947->29915 29948->29919 29949->29921 29950->29923 29951->29925 29952->29927 29953->29929 29955 424207 _strftime 29954->29955 29968 427f94 29955->29968 29958 40488d 29961 425df2 FreeLibrary 29958->29961 29959 424234 HeapFree 29959->29958 29960 424229 HeapFree 29960->29959 29961->29935 29962->29937 29963->29939 29964->29941 29965->29909 29966->29917 29967->29931 29969 424214 29968->29969 29970 427fa1 29968->29970 29969->29958 29969->29959 29969->29960 29970->29969 29971 424104 17 API calls 29970->29971 29971->29970 29972 4220dc SendMessageW 29973 4320fd 29983 431fc0 _vsnwprintf 29973->29983 29975 432119 GetPropW 29976 4321ae DefWindowProcW 29975->29976 29980 432131 _strftime 29975->29980 29977 4321c0 29976->29977 29978 432192 29978->29976 29979 432197 CallWindowProcW 29978->29979 29979->29977 29980->29978 29981 432170 HeapFree 29980->29981 29982 43217a HeapFree RemovePropW 29980->29982 29981->29982 29982->29978 29983->29975

                                                                                                                                                                                                      Executed Functions

                                                                                                                                                                                                      Function 0041C1F3 Relevance: 49.2, APIs: 27, Strings: 1, Instructions: 215fileCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 2535 41c1f3-41c208 2536 41c4b6-41c4bc 2535->2536 2537 41c20e-41c211 2535->2537 2537->2536 2538 41c217-41c238 wcsncpy wcslen 2537->2538 2539 41c255-41c27b wcscpy 2538->2539 2540 41c23a-41c240 2538->2540 2542 41c281-41c285 2539->2542 2543 41c37a-41c37e 2539->2543 2540->2539 2541 41c242-41c254 wcscat 2540->2541 2541->2539 2542->2543 2545 41c28b-41c296 wcscmp 2542->2545 2544 41c380-41c3b9 wcscpy wcscat FindFirstFileW 2543->2544 2546 41c4b5 2544->2546 2547 41c3bf-41c3c5 2544->2547 2545->2543 2548 41c29c-41c2a0 2545->2548 2546->2536 2549 41c3ca-41c3fa wcscpy wcscat 2547->2549 2548->2544 2550 41c2a6-41c2de wcscpy wcscat FindFirstFileW 2548->2550 2551 41c448-41c44c 2549->2551 2552 41c3fc-41c400 2549->2552 2553 41c371-41c378 2550->2553 2554 41c2e4-41c314 wcscpy wcscat 2550->2554 2555 41c458-41c45f DeleteFileW 2551->2555 2556 41c44e-41c456 SetFileAttributesW 2551->2556 2557 41c402-41c406 2552->2557 2558 41c465-41c477 FindNextFileW 2552->2558 2553->2544 2559 41c354-41c364 FindNextFileW 2554->2559 2560 41c316-41c32b wcscmp 2554->2560 2555->2558 2556->2555 2557->2558 2563 41c408-41c41d wcscmp 2557->2563 2558->2549 2562 41c47d-41c48a FindClose 2558->2562 2559->2554 2561 41c36a-41c36b FindClose 2559->2561 2560->2559 2564 41c32d-41c342 wcscmp 2560->2564 2561->2553 2566 41c496-41c49a 2562->2566 2567 41c48c-41c494 SetFileAttributesW 2562->2567 2563->2558 2568 41c41f-41c434 wcscmp 2563->2568 2564->2559 2565 41c344-41c34f call 41c1f3 2564->2565 2565->2559 2570 41c4a5-41c4b2 RemoveDirectoryW 2566->2570 2571 41c49c-41c4a3 2566->2571 2567->2566 2568->2558 2572 41c436-41c446 call 41c1f3 2568->2572 2570->2546 2571->2546 2572->2558
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • wcsncpy.MSVCRT ref: 0041C224
                                                                                                                                                                                                      • wcslen.MSVCRT ref: 0041C22E
                                                                                                                                                                                                      • wcscat.MSVCRT ref: 0041C24E
                                                                                                                                                                                                      • wcscpy.MSVCRT ref: 0041C264
                                                                                                                                                                                                      • wcscmp.MSVCRT ref: 0041C28D
                                                                                                                                                                                                      • wcscpy.MSVCRT ref: 0041C2B4
                                                                                                                                                                                                      • wcscat.MSVCRT ref: 0041C2C1
                                                                                                                                                                                                      • FindFirstFileW.KERNEL32(?,?,?,?,?,00000000), ref: 0041C2D7
                                                                                                                                                                                                      • wcscpy.MSVCRT ref: 0041C2F2
                                                                                                                                                                                                      • wcscat.MSVCRT ref: 0041C305
                                                                                                                                                                                                      • wcscmp.MSVCRT ref: 0041C322
                                                                                                                                                                                                      • wcscmp.MSVCRT ref: 0041C339
                                                                                                                                                                                                      • FindNextFileW.KERNEL32(00000000,00000010,?,?,?,?,?,?,?,00000000), ref: 0041C35C
                                                                                                                                                                                                      • FindClose.KERNEL32(00000000,?,?,?,?,?,?,?,00000000), ref: 0041C36B
                                                                                                                                                                                                      • wcscpy.MSVCRT ref: 0041C38E
                                                                                                                                                                                                      • wcscat.MSVCRT ref: 0041C39B
                                                                                                                                                                                                      • FindFirstFileW.KERNELBASE(?,?,?,?,?,00000000), ref: 0041C3B1
                                                                                                                                                                                                      • wcscpy.MSVCRT ref: 0041C3D8
                                                                                                                                                                                                      • wcscat.MSVCRT ref: 0041C3EB
                                                                                                                                                                                                      • wcscmp.MSVCRT ref: 0041C414
                                                                                                                                                                                                      • wcscmp.MSVCRT ref: 0041C42B
                                                                                                                                                                                                      • SetFileAttributesW.KERNEL32(?,00000080,?,?,?,?,?,?,?,00000000), ref: 0041C456
                                                                                                                                                                                                      • DeleteFileW.KERNELBASE(?,?,?,?,?,?,?,?,00000000), ref: 0041C45F
                                                                                                                                                                                                      • FindNextFileW.KERNELBASE(?,00000010,?,?,?,?,?,?,?,00000000), ref: 0041C46F
                                                                                                                                                                                                      • FindClose.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 0041C480
                                                                                                                                                                                                      • SetFileAttributesW.KERNEL32(?,00000080,?,?,?,?,?,?,?,00000000), ref: 0041C494
                                                                                                                                                                                                      • RemoveDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,00000000), ref: 0041C4AC
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$Find$wcscatwcscmpwcscpy$AttributesCloseFirstNext$DeleteDirectoryRemovewcslenwcsncpy
                                                                                                                                                                                                      • String ID: *.*
                                                                                                                                                                                                      • API String ID: 3664895508-438819550
                                                                                                                                                                                                      • Opcode ID: 1acdf33090f00ff4de5d3493c09cf4b93db4c6f6561f58e2c34b82026772c4d3
                                                                                                                                                                                                      • Instruction ID: 818d7ac94336760085aa416f2fe06b3395b7879d8cfd7b3c34f3fd25d48ca819
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1acdf33090f00ff4de5d3493c09cf4b93db4c6f6561f58e2c34b82026772c4d3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: D271ABB284421C6ADB24EF90CC89FEB77BCAF08314F0444ABE914D2141E7B99AC4CF59
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00421743 Relevance: 47.4, APIs: 16, Strings: 11, Instructions: 146libraryloadermemoryCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 2575 421743-421763 call 428039 call 423cbd 2580 4218a2-4218c0 2575->2580 2581 421769-421819 memset LoadLibraryW 2575->2581 2582 4218c2 2580->2582 2583 4218c7-4218f5 CreateWindowExW 2580->2583 2584 421822-421829 2581->2584 2585 42181b-421820 LoadLibraryW 2581->2585 2582->2583 2586 421984-42198a 2583->2586 2587 4218fb-42196e call 427e22 HeapAlloc SetPropW SendMessageW SetWindowLongW SetWindowPos RedrawWindow call 423d8e 2583->2587 2588 42182b-421893 GetProcAddress * 6 2584->2588 2589 421898 2584->2589 2585->2584 2593 421973-421982 call 42352c 2587->2593 2588->2589 2589->2580 2593->2586
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00423CBD: LoadLibraryW.KERNEL32(COMCTL32.DLL,-FFFFFEC7), ref: 00423CDD
                                                                                                                                                                                                        • Part of subcall function 00423CBD: GetProcAddress.KERNEL32(00000000,DllGetVersion), ref: 00423CF2
                                                                                                                                                                                                        • Part of subcall function 00423CBD: memset.MSVCRT ref: 00423D03
                                                                                                                                                                                                        • Part of subcall function 00423CBD: FreeLibrary.KERNEL32(?), ref: 00423D3E
                                                                                                                                                                                                        • Part of subcall function 00423CBD: LoadLibraryW.KERNEL32(uxtheme.dll), ref: 00423D49
                                                                                                                                                                                                        • Part of subcall function 00423CBD: GetProcAddress.KERNEL32(00000000,IsAppThemed), ref: 00423D5A
                                                                                                                                                                                                      • memset.MSVCRT ref: 00421775
                                                                                                                                                                                                      • LoadLibraryW.KERNELBASE(RICHED20.DLL), ref: 00421810
                                                                                                                                                                                                      • LoadLibraryW.KERNEL32(RICHED32.DLL), ref: 00421820
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(745C0000,OpenThemeData), ref: 00421837
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(CloseThemeData), ref: 00421849
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(GetThemeBackgroundContentRect), ref: 0042185B
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(IsThemeBackgroundPartiallyTransparent), ref: 0042186D
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(DrawThemeParentBackground), ref: 0042187F
                                                                                                                                                                                                      • GetProcAddress.KERNEL32(DrawThemeBackground), ref: 00421891
                                                                                                                                                                                                      • CreateWindowExW.USER32(-000001FF,RichEdit20W,00000000,?,?,?,?,?,00000000,000000FF,00000000,-FFFFFEC7), ref: 004218EB
                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000008,00000010,?,?,00000000,0045DF26,00407668,00000014,00000019,0000006E,0000019A,00000096,00000800,00000013,00000019,00000046), ref: 0042191D
                                                                                                                                                                                                      • SetPropW.USER32(00000000,PB_ClientRect,00000000), ref: 0042192A
                                                                                                                                                                                                      • SendMessageW.USER32(00000000,000000C5,000000FF,00000000), ref: 00421939
                                                                                                                                                                                                      • SetWindowLongW.USER32(00000000,000000FC,0042162D), ref: 00421947
                                                                                                                                                                                                      • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000037,?,00000000,0045DF26,00407668,00000014,00000019,0000006E,0000019A,00000096), ref: 0042195A
                                                                                                                                                                                                      • RedrawWindow.USER32(00000000,00000000,00000000,00000541,?,00000000,0045DF26,00407668,00000014,00000019,0000006E,0000019A,00000096,00000800,00000013,00000019), ref: 00421968
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressProc$Library$LoadWindow$memset$AllocCreateFreeHeapLongMessagePropRedrawSend
                                                                                                                                                                                                      • String ID: CloseThemeData$DrawThemeBackground$DrawThemeParentBackground$GetThemeBackgroundContentRect$IsThemeBackgroundPartiallyTransparent$OpenThemeData$PB_ClientRect$RICHED20.DLL$RICHED32.DLL$RichEdit$RichEdit20W
                                                                                                                                                                                                      • API String ID: 2786237234-441401328
                                                                                                                                                                                                      • Opcode ID: aaafd5f065d742f69c7bd722c75fbd57ed158642b5483389ae1596973c7d4943
                                                                                                                                                                                                      • Instruction ID: 3b68e2732a193d1c22bc4780641a39f1d6535b71556c03726686db5c2dc31df2
                                                                                                                                                                                                      • Opcode Fuzzy Hash: aaafd5f065d742f69c7bd722c75fbd57ed158642b5483389ae1596973c7d4943
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1F518CB1600224BBCB10AFA5BC499563FA9FB55714B108227F111D72B0E7F94894CF9E
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00408B02 Relevance: 38.7, APIs: 1, Strings: 21, Instructions: 198COMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 3078 408b02-408b04 3079 408b09-408b14 3078->3079 3079->3079 3080 408b16-408b4a call 427766 3079->3080 3083 408e10-408e27 call 429950 3080->3083 3084 408b50-408b70 call 4279d1 3080->3084 3089 408e39-408e59 call 429a70 * 2 3083->3089 3090 408b82-408bac call 427698 GetSystemInfo call 4291b0 3084->3090 3091 408b72-408b7d call 427a32 3084->3091 3100 408bb1-408bef call 429950 call 4291b0 call 4299b0 call 429a30 3090->3100 3091->3090 3109 408bf1-408c02 call 40a008 3100->3109 3110 408c07-408c14 call 429a30 3100->3110 3115 408df2-408e0c call 429950 3109->3115 3116 408c16-408c27 call 40a008 3110->3116 3117 408c2c-408c39 call 429a30 3110->3117 3115->3089 3116->3115 3124 408c92-408c9f call 429a30 3117->3124 3125 408c3b-408c49 3117->3125 3134 408ca1-408caf 3124->3134 3135 408cda-408ce7 call 429a30 3124->3135 3127 408c63 3125->3127 3128 408c4b-408c5a 3125->3128 3130 408c65-408c67 3127->3130 3128->3127 3129 408c5c-408c61 3128->3129 3129->3130 3132 408c69-408c7a call 40a008 3130->3132 3133 408c7c-408c88 call 40a008 3130->3133 3144 408c8d 3132->3144 3133->3144 3139 408cb1-408cc2 call 40a008 3134->3139 3140 408cc4-408cd0 call 40a008 3134->3140 3147 408d22-408d2f call 429a30 3135->3147 3148 408ce9-408cf7 3135->3148 3146 408cd5 3139->3146 3140->3146 3144->3115 3146->3115 3156 408d31-408d3f 3147->3156 3157 408d6a-408d77 call 429a30 3147->3157 3150 408cf9-408d0a call 40a008 3148->3150 3151 408d0c-408d18 call 40a008 3148->3151 3159 408d1d 3150->3159 3151->3159 3160 408d41-408d52 call 40a008 3156->3160 3161 408d54-408d60 call 40a008 3156->3161 3168 408d79-408d87 3157->3168 3169 408daf-408dbc call 429a30 3157->3169 3159->3115 3167 408d65 3160->3167 3161->3167 3167->3115 3171 408d89-408d9a call 40a008 3168->3171 3172 408d9c-408da8 call 40a008 3168->3172 3169->3115 3177 408dbe-408dcc 3169->3177 3176 408dad 3171->3176 3172->3176 3176->3115 3179 408de1-408ded call 40a008 3177->3179 3180 408dce-408ddf call 40a008 3177->3180 3179->3115 3180->3115
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetSystemInfo.KERNEL32(?,00000000,?,RtlGetVersion), ref: 00408B96
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: InfoSystem
                                                                                                                                                                                                      • String ID: 10.0$5.0$5.1$5.2$6.0$6.1$6.2$6.3$ERROR$RtlGetVersion$Windows 10$Windows 2000$Windows 7$Windows 8$Windows Server 2003$Windows Server 2008$Windows Server 2012$Windows Server 2016$Windows Vista$Windows XP$ntdll.dll
                                                                                                                                                                                                      • API String ID: 31276548-2397706006
                                                                                                                                                                                                      • Opcode ID: 4aff6b6556b4de260d85ac6947625d9daa585f8fae7eb6fc3588557a2e339c25
                                                                                                                                                                                                      • Instruction ID: eda4fd2cbdd44f3a836df940b2a0b51db70a8612117e0df9e791307d9dcd197a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4aff6b6556b4de260d85ac6947625d9daa585f8fae7eb6fc3588557a2e339c25
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CE717D301083949BC724EB21D985AEF73A5BF94304F50893FE0C95A2E2DB3C5D59DA4E
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0041C085 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 101fileCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 3446 41c085-41c09a 3447 41c0a0-41c0a4 3446->3447 3448 41c1d7-41c1de 3446->3448 3447->3448 3449 41c0aa-41c0da wcsncpy wcslen 3447->3449 3450 41c0e1-41c0e9 3449->3450 3451 41c0dc-41c0df 3449->3451 3452 41c125-41c129 3450->3452 3453 41c0eb-41c0ee 3450->3453 3451->3450 3451->3452 3456 41c131-41c134 3452->3456 3454 41c0f0-41c102 wcscat 3453->3454 3455 41c103-41c113 GetDriveTypeW 3453->3455 3454->3455 3455->3448 3457 41c119-41c120 3455->3457 3458 41c136-41c14c FindFirstFileW 3456->3458 3459 41c12b-41c130 3456->3459 3457->3448 3460 41c180-41c187 3458->3460 3461 41c14e-41c155 3458->3461 3459->3456 3462 41c192-41c19a 3460->3462 3463 41c189-41c190 3460->3463 3464 41c160-41c175 3461->3464 3465 41c157-41c15e 3461->3465 3467 41c1d6 3462->3467 3468 41c19c-41c1a4 3462->3468 3463->3462 3466 41c1a6-41c1b5 GetFileAttributesW 3463->3466 3469 41c177-41c17e FindClose 3464->3469 3465->3469 3470 41c1b7-41c1b9 3466->3470 3471 41c1bd-41c1cd GetDriveTypeW 3466->3471 3467->3448 3468->3466 3468->3467 3469->3467 3470->3467 3472 41c1bb 3470->3472 3471->3467 3473 41c1cf 3471->3473 3472->3473 3473->3467
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • wcsncpy.MSVCRT ref: 0041C0B7
                                                                                                                                                                                                      • wcslen.MSVCRT ref: 0041C0C8
                                                                                                                                                                                                      • wcscat.MSVCRT ref: 0041C0FC
                                                                                                                                                                                                      • GetDriveTypeW.KERNELBASE(?,?,?,?,00000000), ref: 0041C10A
                                                                                                                                                                                                      • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,00000000), ref: 0041C144
                                                                                                                                                                                                      • FindClose.KERNELBASE(00000000,?,?,?,?,00000000), ref: 0041C178
                                                                                                                                                                                                      • GetFileAttributesW.KERNEL32(0000002E,?,?,?,?,00000000), ref: 0041C1AD
                                                                                                                                                                                                      • GetDriveTypeW.KERNEL32(0000002E,?,?,?,?,00000000), ref: 0041C1C4
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DriveFileFindType$AttributesCloseFirstwcscatwcslenwcsncpy
                                                                                                                                                                                                      • String ID: .$.
                                                                                                                                                                                                      • API String ID: 172296787-3769392785
                                                                                                                                                                                                      • Opcode ID: 1c0eab87a6281fff8af39201b1ad1bb78e7babba320e7e213cf2cf64f6c82382
                                                                                                                                                                                                      • Instruction ID: d0ec428b251e0538e3a77114e968f62b8f939fcf880cc71096329147fd9ef647
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1c0eab87a6281fff8af39201b1ad1bb78e7babba320e7e213cf2cf64f6c82382
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 07317271CC0218AACF34AB948DC8AEF77B9AB14314F504597D51592182E7B88EC4CF9A
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040734D Relevance: 17.1, APIs: 5, Strings: 4, Instructions: 1346windowCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 3497 40734d-407386 call 4245d6 3500 4073b7-407729 call 4209ea call 420aad call 420c8d call 420aad call 424615 * 2 call 42466b call 420f8e call 428950 call 4299b0 call 426dd3 call 4201e2 call 420f8e call 41c8f0 call 420fab call 420355 call 410923 call 420fd6 call 420355 call 41c8f0 call 420fab call 41c8f0 call 420fab call 421030 * 2 call 424615 * 2 call 42466b call 420f8e call 426dd3 call 4201e2 call 420355 call 421743 call 42198d SendMessageW call 42198d SendMessageW call 42198d SendMessageW call 42198d SendMessageW call 429950 * 3 call 41c085 3497->3500 3501 407388-4073b2 call 426dd3 call 42466b call 4201e2 3497->3501 3589 407734 3500->3589 3590 40772b-40772e 3500->3590 3501->3500 3592 407739-40773b 3589->3592 3590->3589 3591 407730-407732 3590->3591 3591->3592 3593 407799 3592->3593 3594 40773d-40776c call 429950 * 3 call 41c085 3592->3594 3595 40779b-40779d 3593->3595 3617 407771-40777e 3594->3617 3597 4077f6-4083a0 call 421a54 * 2 call 420b20 call 42466b call 420f8e call 41c8f0 call 420fab call 426dd3 call 4201e2 call 420355 call 41c8f0 call 420fab call 410923 call 420fd6 call 420355 call 41c8f0 call 420fab call 410923 call 420fd6 call 421030 call 420c8d call 421030 call 424615 * 2 call 42466b call 420f8e call 426dd3 call 4201e2 call 428df0 call 4299b0 GetUserNameW call 420355 call 421d09 call 420355 call 421d09 call 420355 call 421d09 call 42466b call 420f8e call 41c8f0 call 420fab call 426dd3 call 4201e2 call 420355 call 41c8f0 call 420fab call 410923 call 420fd6 call 420355 call 41c8f0 call 420fab call 410923 call 420fd6 call 421030 call 420c8d call 421030 call 424615 * 2 call 42466b call 420f8e call 426dd3 call 4201e2 * 2 call 428950 call 4299b0 call 428950 call 4299b0 call 420355 * 2 call 421ed7 call 421d09 call 420aad call 429950 * 3 call 420355 call 429950 * 2 call 406502 call 420355 call 42466b call 420f8e call 41c8f0 call 420fab call 426dd3 call 4201e2 call 420355 call 41c8f0 call 420fab call 410923 call 420fd6 call 420355 call 41c8f0 call 420fab call 410923 call 420fd6 call 421030 call 420c8d call 421030 call 424615 * 2 call 42466b call 420f8e call 426dd3 call 4201e2 * 2 call 420355 * 2 call 421d09 call 420aad call 42466b call 420f8e call 41c8f0 call 420fab call 426dd3 call 4201e2 call 420355 call 41c8f0 call 420fab call 410923 call 420fd6 call 420355 call 41c8f0 call 420fab call 410923 call 420fd6 call 421030 call 420c8d call 421030 call 424615 * 2 call 42466b call 420f8e call 426dd3 call 4201e2 call 420f8e call 41c8f0 call 420fab call 428950 call 4299b0 call 420355 call 410923 call 420fd6 call 428950 call 4299b0 call 420355 3595->3597 3598 40779f-4077f0 call 429950 * 3 call 42198d call 4072c6 3595->3598 3911 4083a2-4083c6 call 4220a4 3597->3911 3912 4083c8-4083d1 3597->3912 3598->3597 3618 407780-407783 3617->3618 3619 407789 3617->3619 3618->3619 3622 407785-407787 3618->3622 3623 40778e-407790 3619->3623 3622->3623 3623->3593 3627 407792-407797 3623->3627 3627->3595 3915 408434-408664 call 420b20 call 41c8f0 * 2 call 41cb24 call 41c8f0 call 420fab call 41c8f0 call 420fab call 41c8f0 call 420fab call 421030 call 420c8d call 421030 call 424615 * 2 call 42466b call 420f8e call 426dd3 call 4201e2 call 428950 call 4299b0 call 428950 call 4299b0 call 429950 * 3 call 420355 call 4220a4 * 2 3911->3915 3914 4083d3-408429 call 429950 * 3 call 4220a4 3912->3914 3912->3915 3931 40842e 3914->3931 3983 408675-40867d 3915->3983 3984 408666-408670 call 420bae 3915->3984 3931->3915 3985 40868e-408696 3983->3985 3986 40867f-408689 call 420bae 3983->3986 3984->3983 3989 408698-4086a7 call 420bae 3985->3989 3990 4086a9-4086b3 call 420b20 3985->3990 3986->3985 3994 4086b8-4086c0 3989->3994 3990->3994 3995 4086c2-4086d1 call 420bae 3994->3995 3996 4086d3-4086dd call 420b20 3994->3996 4000 4086e2-408a7e call 42466b call 420f8e call 41c8f0 call 420fab call 426dd3 call 4201e2 call 420355 call 41c8f0 call 420fab call 410923 call 420fd6 call 420355 call 41c8f0 call 420fab call 410923 call 420fd6 call 421030 call 420c8d call 421030 call 424615 * 2 call 42466b call 420f8e call 426dd3 call 4201e2 call 420355 call 42466b call 422302 call 420355 call 42466b call 420f8e call 41c8f0 call 420fab call 426dd3 call 4201e2 call 428950 call 4299b0 call 420355 call 41c8f0 call 420fab call 410923 call 420fd6 call 420355 call 41c8f0 call 420fab call 410923 call 420fd6 call 421030 call 420c8d call 41c903 3995->4000 3996->4000 4101 408a80-408a86 4000->4101 4102 408a8a-408a8f 4000->4102 4101->4102 4103 408a88-408a91 4101->4103 4104 408a93-408a95 4102->4104 4103->4104 4106 408af1-408b01 call 429a70 4104->4106 4107 408a97-408aec call 4049e7 call 4245f9 * 2 4104->4107 4107->4106
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0042466B: GetClientRect.USER32(00000000,?), ref: 00424689
                                                                                                                                                                                                        • Part of subcall function 00424615: GetClientRect.USER32(00000000,?), ref: 00424637
                                                                                                                                                                                                        • Part of subcall function 00424615: GetMenu.USER32(00000000), ref: 00424645
                                                                                                                                                                                                        • Part of subcall function 00424615: GetSystemMetrics.USER32(0000000F), ref: 00424657
                                                                                                                                                                                                        • Part of subcall function 00421743: memset.MSVCRT ref: 00421775
                                                                                                                                                                                                        • Part of subcall function 00421743: LoadLibraryW.KERNELBASE(RICHED20.DLL), ref: 00421810
                                                                                                                                                                                                        • Part of subcall function 00421743: LoadLibraryW.KERNEL32(RICHED32.DLL), ref: 00421820
                                                                                                                                                                                                        • Part of subcall function 00421743: GetProcAddress.KERNEL32(745C0000,OpenThemeData), ref: 00421837
                                                                                                                                                                                                        • Part of subcall function 00421743: GetProcAddress.KERNEL32(CloseThemeData), ref: 00421849
                                                                                                                                                                                                        • Part of subcall function 00421743: GetProcAddress.KERNEL32(GetThemeBackgroundContentRect), ref: 0042185B
                                                                                                                                                                                                        • Part of subcall function 00421743: GetProcAddress.KERNEL32(IsThemeBackgroundPartiallyTransparent), ref: 0042186D
                                                                                                                                                                                                        • Part of subcall function 00421743: GetProcAddress.KERNEL32(DrawThemeParentBackground), ref: 0042187F
                                                                                                                                                                                                        • Part of subcall function 00421743: GetProcAddress.KERNEL32(DrawThemeBackground), ref: 00421891
                                                                                                                                                                                                        • Part of subcall function 00421743: CreateWindowExW.USER32(-000001FF,RichEdit20W,00000000,?,?,?,?,?,00000000,000000FF,00000000,-FFFFFEC7), ref: 004218EB
                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000014,00000448,00000000), ref: 00407682
                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000014,0000043B,00000000), ref: 004076A1
                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000014,00000445,00000000), ref: 004076C4
                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000014,0000045B,00000001), ref: 004076E3
                                                                                                                                                                                                        • Part of subcall function 00429950: wcslen.MSVCRT ref: 00429963
                                                                                                                                                                                                        • Part of subcall function 0041C085: wcsncpy.MSVCRT ref: 0041C0B7
                                                                                                                                                                                                        • Part of subcall function 0041C085: wcslen.MSVCRT ref: 0041C0C8
                                                                                                                                                                                                        • Part of subcall function 0041C085: wcscat.MSVCRT ref: 0041C0FC
                                                                                                                                                                                                        • Part of subcall function 0041C085: GetDriveTypeW.KERNELBASE(?,?,?,?,00000000), ref: 0041C10A
                                                                                                                                                                                                      • GetUserNameW.ADVAPI32(00000400,00000400), ref: 00407A27
                                                                                                                                                                                                        • Part of subcall function 00420FD6: SendMessageA.USER32(00000000,00000030,000000FF,00000001), ref: 00421026
                                                                                                                                                                                                        • Part of subcall function 004299B0: RtlAllocateHeap.NTDLL(024D0000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299D6
                                                                                                                                                                                                        • Part of subcall function 004299B0: HeapReAlloc.KERNEL32(024D0000,00000000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299F9
                                                                                                                                                                                                        • Part of subcall function 00406502: SetErrorMode.KERNEL32(00000001), ref: 00406531
                                                                                                                                                                                                        • Part of subcall function 00406502: GetDiskFreeSpaceExW.KERNEL32(00000000,00000000,00000003,00000000,00000001,00000000,00000003,00000000,00000000,00000001), ref: 00406569
                                                                                                                                                                                                        • Part of subcall function 00406502: SetErrorMode.KERNEL32(00000000,00000000,00000000,00000003,00000000,00000001,00000000,00000003,00000000,00000000,00000001), ref: 0040659F
                                                                                                                                                                                                        • Part of subcall function 00420C8D: ShowWindow.USER32(00000000,00000005,00000000,004042F3,00000003,00000001,00000000,00000001,00000000,0000003D,00000001,00000001,00000001,00000001,00000000,00000001), ref: 00420CC2
                                                                                                                                                                                                        • Part of subcall function 00420BAE: KiUserCallbackDispatcher.NTDLL(00000000,00000001), ref: 00420BD0
                                                                                                                                                                                                        • Part of subcall function 0041C903: GetVersionExA.KERNEL32(?,-FFFFFEC7,?,-000000C9), ref: 0041C925
                                                                                                                                                                                                        • Part of subcall function 0041C903: GetVersionExA.KERNEL32(?,?,-000000C9), ref: 0041C953
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AddressProc$MessageSend$ClientErrorHeapLibraryLoadModeRectUserVersionWindowwcslen$AllocAllocateCallbackCreateDiskDispatcherDriveFreeMenuMetricsNameShowSpaceSystemTypememsetwcscatwcsncpy
                                                                                                                                                                                                      • String ID: $<appname>$<appversion>$licence.rtf
                                                                                                                                                                                                      • API String ID: 2663491473-761403372
                                                                                                                                                                                                      • Opcode ID: 34133763fd3acde85fe390fdfa799585bec1b543e6980a625c3b91287cd537cc
                                                                                                                                                                                                      • Instruction ID: 052852ef4dca4c1078e33f7aeb1041bb2f413f3870aebd12a444a7165807f6f0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 34133763fd3acde85fe390fdfa799585bec1b543e6980a625c3b91287cd537cc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A2927D713C43167AF63077A2AD53FAA26599B04F49F80403AB344BD1E3DEED5880966F
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004247C0 Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetWindow.USER32(00000000,00000004), ref: 004247E1
                                                                                                                                                                                                      • SetActiveWindow.USER32(00000000,?,00404770,00000000,00000001,00000001,00000000,0000003D,00000001,00000001,00000001,00000001,00000000,00000001,00000001,00000000), ref: 004247F2
                                                                                                                                                                                                      • IsZoomed.USER32(00000000), ref: 004247FE
                                                                                                                                                                                                      • IsIconic.USER32(00000000), ref: 0042480F
                                                                                                                                                                                                      • ShowWindow.USER32(00000000,00000001,?,00404770,00000000,00000001,00000001,00000000,0000003D,00000001,00000001,00000001,00000001,00000000,00000001,00000001), ref: 00424822
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Window$ActiveIconicShowZoomed
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 869202870-0
                                                                                                                                                                                                      • Opcode ID: d2c29f3b0c30027ff3c377b830fe1097b04098fb45541d09477b1d28a5072b5a
                                                                                                                                                                                                      • Instruction ID: 432fc2528d327898e18a11e5434a254d2abb36d4ee352001c379221f8793a9d4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d2c29f3b0c30027ff3c377b830fe1097b04098fb45541d09477b1d28a5072b5a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 17F03134604252EFEB216F21FC18B167AE8FB84751F52443AF581901A4DBF58C50DA5D
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00406502 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 119COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000001), ref: 00406531
                                                                                                                                                                                                      • GetDiskFreeSpaceExW.KERNEL32(00000000,00000000,00000003,00000000,00000001,00000000,00000003,00000000,00000000,00000001), ref: 00406569
                                                                                                                                                                                                      • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000003,00000000,00000001,00000000,00000003,00000000,00000000,00000001), ref: 0040659F
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ErrorMode$DiskFreeSpace
                                                                                                                                                                                                      • String ID: ERROR
                                                                                                                                                                                                      • API String ID: 1682464887-2861137601
                                                                                                                                                                                                      • Opcode ID: 79696f25e9f509ce6ebaf275fc6f8f5a4f57c3af7e59e4ab2e66360f46cbd9c1
                                                                                                                                                                                                      • Instruction ID: 87bc0a6974ab8788bebee1ffd914571b807bdfd12f43c4b0a24768797953235d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 79696f25e9f509ce6ebaf275fc6f8f5a4f57c3af7e59e4ab2e66360f46cbd9c1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 33414DB1208301AFD300EF51EC81A2FB7F9FB84318F54883EF185AA251D7799D658B5A
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004049E7 Relevance: 3.0, APIs: 2, Instructions: 19comCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 004049F0
                                                                                                                                                                                                      • CoCreateInstance.OLE32(0043A858,00000000,00000001,0043A868,00000000,00000000,0045DF26,00408A9C,00000035,00000001,0000003B,00000000,00000007,0000003B,00000002,00000000), ref: 00404A0F
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateInitializeInstance
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3519745914-0
                                                                                                                                                                                                      • Opcode ID: db0be8653e99ee2d14ada892040a6b67eb3287710424c46c615e6e7223992d42
                                                                                                                                                                                                      • Instruction ID: 4170ed63a7f04d0d6b04d7f9422dc676b476f32d5ee4902fa325786225818b3f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: db0be8653e99ee2d14ada892040a6b67eb3287710424c46c615e6e7223992d42
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3ED0A7712C830C2AF190B1216C42F37328CC708304F005837FF9CD9181E38D681D452B
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00401000 Relevance: 223.9, APIs: 10, Strings: 116, Instructions: 3372memoryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.MSVCRT ref: 0040100F
                                                                                                                                                                                                      • GetModuleHandleW.KERNEL32(00000000), ref: 0040101C
                                                                                                                                                                                                      • HeapCreate.KERNEL32(00000000,00001000,00000000,00000000), ref: 00401035
                                                                                                                                                                                                        • Part of subcall function 004298D0: HeapCreate.KERNELBASE(00000000,00001000,00000000,?,0040104E,00000000,00001000,00000000,00000000), ref: 004298DC
                                                                                                                                                                                                        • Part of subcall function 004298D0: HeapAlloc.KERNEL32(024D0000,00000000,00004208,?,0040104E,00000000,00001000,00000000,00000000), ref: 0042990A
                                                                                                                                                                                                        • Part of subcall function 0042759B: TlsAlloc.KERNEL32(0040105D,00000000,00001000,00000000,00000000), ref: 0042759B
                                                                                                                                                                                                        • Part of subcall function 00425D57: LoadLibraryW.KERNELBASE(msimg32.dll), ref: 00425D66
                                                                                                                                                                                                        • Part of subcall function 00425D57: GetProcAddress.KERNEL32(00000000,AlphaBlend), ref: 00425D7D
                                                                                                                                                                                                        • Part of subcall function 00425D57: GetVersionExW.KERNEL32(?), ref: 00425DA3
                                                                                                                                                                                                        • Part of subcall function 00424279: LoadIconW.USER32(00000001,00000048), ref: 004242A7
                                                                                                                                                                                                        • Part of subcall function 00424279: LoadCursorW.USER32(00000000,00007F00), ref: 004242B9
                                                                                                                                                                                                        • Part of subcall function 0041FC82: InitializeCriticalSection.KERNEL32(0046C2B8,?,?,?,0040107B,00000000,00001000,00000000,00000000), ref: 0041FC8C
                                                                                                                                                                                                        • Part of subcall function 0041FC82: GetStockObject.GDI32(00000011), ref: 0041FC94
                                                                                                                                                                                                        • Part of subcall function 0041FC82: memset.MSVCRT ref: 0041FCD0
                                                                                                                                                                                                        • Part of subcall function 0041FC82: InitCommonControlsEx.COMCTL32(00000000,00001000), ref: 0041FCEA
                                                                                                                                                                                                        • Part of subcall function 0041C580: HeapCreate.KERNELBASE(00000000,00001000,00000000,00401085,00000000,00001000,00000000,00000000), ref: 0041C589
                                                                                                                                                                                                        • Part of subcall function 0040FC47: memset.MSVCRT ref: 0040FC52
                                                                                                                                                                                                        • Part of subcall function 0040F481: InitializeCriticalSection.KERNEL32(0046C260,00000004,00000004,0040F454,00000010,00000000,00000000,004010A3,00000000,00001000,00000000,00000000), ref: 0040F4A9
                                                                                                                                                                                                        • Part of subcall function 0040F109: memset.MSVCRT ref: 0040F116
                                                                                                                                                                                                        • Part of subcall function 0040F109: InitCommonControlsEx.COMCTL32(00000000,00001000), ref: 0040F130
                                                                                                                                                                                                        • Part of subcall function 0040F109: CoInitialize.OLE32(00000000), ref: 0040F138
                                                                                                                                                                                                        • Part of subcall function 0040E17F: InitializeCriticalSection.KERNEL32(0046BF18,004010AD,00000000,00001000,00000000,00000000), ref: 0040E184
                                                                                                                                                                                                        • Part of subcall function 00427B1D: HeapFree.KERNEL32(00000000,?,?,?,00001000,?,?,?,0041C9FE,00401080,00000000,00001000,00000000,00000000), ref: 00427B5B
                                                                                                                                                                                                        • Part of subcall function 00427B1D: HeapFree.KERNEL32(00000000,?,?,00001000,?,?,?,0041C9FE,00401080,00000000,00001000,00000000,00000000), ref: 00427B73
                                                                                                                                                                                                        • Part of subcall function 00427B1D: HeapFree.KERNEL32(00000000,00001000,?,00001000,?,?,?,0041C9FE,00401080,00000000,00001000,00000000,00000000), ref: 00427B7D
                                                                                                                                                                                                        • Part of subcall function 00427A6C: RtlAllocateHeap.NTDLL(00000000,00000034,?,?,?,0041CA17,00000074,00000000,00000000,00000007,00401080,00000000,00001000,00000000,00000000), ref: 00427A7F
                                                                                                                                                                                                        • Part of subcall function 00427A6C: HeapAlloc.KERNEL32(00401080,00000008,?,?,?,0041CA17,00000074,00000000,00000000,00000007,00401080,00000000,00001000,00000000,00000000), ref: 00427A94
                                                                                                                                                                                                        • Part of subcall function 004048D2: CreateMutexW.KERNEL32(00000000,00000001,?,00000000,00000000,?,00401117,004393BA,00000004,00000000,0043A820,00000008,0000001C,00000000,0043A840,00000007), ref: 004048F0
                                                                                                                                                                                                        • Part of subcall function 004048D2: GetLastError.KERNEL32(00000000,00000001,?,00000000,00000000,?,00401117,004393BA,00000004,00000000,0043A820,00000008,0000001C,00000000,0043A840,00000007), ref: 004048FA
                                                                                                                                                                                                        • Part of subcall function 004048D2: ReleaseMutex.KERNEL32(00000000,00000001,?,00000000,00000000,?,00401117,004393BA,00000004,00000000,0043A820,00000008,0000001C,00000000,0043A840,00000007), ref: 0040492A
                                                                                                                                                                                                        • Part of subcall function 004048D2: CloseHandle.KERNEL32(00000000,00000001,?,00000000,00000000,?,00401117,004393BA,00000004,00000000,0043A820,00000008,0000001C,00000000,0043A840,00000007), ref: 00404935
                                                                                                                                                                                                      • ExitProcess.KERNEL32(00000000,Error,Setup Error!,00000010,00000000,00000000,00000000,0046AFD4,0046AFD0,00000000,00000000,00000000,00000000,00000000,00000004,00000006), ref: 00404823
                                                                                                                                                                                                      • HeapDestroy.KERNEL32(00000000,Error,Setup Error!,00000010,00000000,00000000,00000000,0046AFD4,0046AFD0,00000000,00000000,00000000,00000000,00000000,00000004,00000006), ref: 00404833
                                                                                                                                                                                                      • ExitProcess.KERNEL32(00000000,Error,Setup Error!,00000010,00000000,00000000,00000000,0046AFD4,0046AFD0,00000000,00000000,00000000,00000000,00000000,00000004,00000006), ref: 00404838
                                                                                                                                                                                                        • Part of subcall function 0040F140: MessageBoxW.USER32(00000000,00000007,00001000,00000000), ref: 0040F15A
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Heap$CreateInitializememset$AllocCriticalFreeLoadSection$CommonControlsExitHandleInitMutexProcess$AddressAllocateCloseCursorDestroyErrorIconLastLibraryMessageModuleObjectProcReleaseStockVersion
                                                                                                                                                                                                      • String ID: ^)$.ifl$<appname>$<appversion>$AcceptOptn$Addition$AdditionalTasks$Allow_Desktopicons$Allow_StartMenuFolder$ApplicationFolder$Appname$BM~g$BackBtn$BrowseBtn$CancelBtn$ChangeApplicationFolder$ChangeStartMenuFolder$Commands.dat$Company$CouldNotExtractFile$CouldNotExtractFileH$CreateDesktopIconCbx$CreateStartMenuFolderCbx$DFA$Default.ifl$Desktopicon$DestinationFolderFR3$Dll$DoNotAcceptOptn$Error$ExitSetup$ExitSetupH$Finish$FinishBtn$Gadgets$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HeadB$HeadT$Image_Left.jpg$Image_Top.jpg$InstallDir$InstallForge$InstallForge Setup$Installing$Languages$LaunchProgramCbx$Licence$LicenceAgreement$Main$Messages$Microsoft Sans Serif$NextBtn$NoOSCheck$OS.dat$ProgramFiles$ProgramRun$ProgramRunArguments$RebootCbx$Registry$SC.dat$SFA$SPS_Time$SelAppFolder$SelStartMenuFolder$SerialCheck$Serialcheck$Serials$Serials.dat$Setup$Setup Error!$Setup Error! -f$Setup.cab$Shell execute$ShortcutFolder$SplashScreen$Start$StartMenuFolder$Text$Text1$Text2$Text3$Text4$There is already an InstallForge setup running! Please close the running setup in order to continue.$Title$TotalSize$Uninstaller$UninstallerFilename$Uninstaller_VW$Url$UrlFileName$Variables.dat$Verdana$Version$Website$Website1$Windows 10$Windows 2000$Windows 7$Windows 8$Windows Server 2003$Windows Server 2008$Windows Server 2016$Windows Vista$Windows XP$Your operating system is not supported.$\Shell32.dll$dll.dll$icon.dat$isps.dat$label$languages.dat$licence.rtf$ssps.dat
                                                                                                                                                                                                      • API String ID: 3356826795-2233399581
                                                                                                                                                                                                      • Opcode ID: 5087dd5819aa3a5a96ed5b0ef5f09bd72f1f14c180d018dd38488f87de94e6d9
                                                                                                                                                                                                      • Instruction ID: 2c60e97324895152ddd5225313fbd1138f62d8ea17331308dc46dd8347ff369b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5087dd5819aa3a5a96ed5b0ef5f09bd72f1f14c180d018dd38488f87de94e6d9
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9C4336B1340211BAD7117B51EC53F6A3668EB48718F50802BF650A92E2E7FD5CD09BAF
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040F5A1 Relevance: 72.1, APIs: 40, Strings: 1, Instructions: 365memorypipesynchronizationCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 1802 40f5a1-40f5fd memset 1803 40f60c 1802->1803 1804 40f5ff-40f60a 1802->1804 1805 40f610-40f618 1803->1805 1804->1805 1806 40f637-40f63a 1805->1806 1807 40f61a-40f61f 1805->1807 1809 40f674-40f67d 1806->1809 1810 40f63c-40f63f 1806->1810 1807->1806 1808 40f621-40f626 1807->1808 1808->1806 1811 40f628-40f635 1808->1811 1813 40f6f1-40f6f4 1809->1813 1814 40f67f-40f683 1809->1814 1810->1809 1812 40f641-40f656 CreatePipe 1810->1812 1815 40f670 1811->1815 1812->1809 1816 40f658-40f669 call 40f56a 1812->1816 1817 40f720-40f725 1813->1817 1818 40f6f6-40f6ff 1813->1818 1819 40f685-40f69a CreatePipe 1814->1819 1820 40f6b8-40f6bc 1814->1820 1815->1809 1816->1815 1825 40f727 1817->1825 1826 40f72c-40f72f 1817->1826 1823 40f701-40f705 GetStdHandle 1818->1823 1824 40f708-40f70b 1818->1824 1819->1820 1827 40f69c-40f6b1 call 40f56a 1819->1827 1820->1813 1821 40f6be-40f6d3 CreatePipe 1820->1821 1821->1813 1831 40f6d5-40f6ea call 40f56a 1821->1831 1823->1824 1833 40f714-40f717 1824->1833 1834 40f70d-40f711 GetStdHandle 1824->1834 1825->1826 1829 40f731 1826->1829 1830 40f738-40f765 wcslen * 2 HeapAlloc 1826->1830 1827->1820 1829->1830 1836 40f767-40f788 wcscpy wcscat * 2 1830->1836 1837 40f78a-40f792 wcscpy 1830->1837 1831->1813 1833->1817 1839 40f719-40f71d GetStdHandle 1833->1839 1834->1833 1840 40f793-40f799 1836->1840 1837->1840 1839->1817 1842 40f7b4-40f7b9 1840->1842 1843 40f79b-40f7b1 wcscat * 2 1840->1843 1844 40f7c3-40f7e9 CreateProcessW 1842->1844 1845 40f7bb-40f7be 1842->1845 1843->1842 1847 40f877-40f87a 1844->1847 1848 40f7ef-40f7f2 1844->1848 1845->1844 1846 40f7c0 1845->1846 1846->1844 1849 40f881-40f884 1847->1849 1850 40f87c-40f87f CloseHandle 1847->1850 1851 40f7f4-40f7f7 CloseHandle 1848->1851 1852 40f7f9-40f7fc 1848->1852 1853 40f886-40f889 CloseHandle 1849->1853 1854 40f88b-40f88e 1849->1854 1850->1849 1851->1852 1855 40f803-40f806 1852->1855 1856 40f7fe-40f801 CloseHandle 1852->1856 1853->1854 1859 40f890-40f893 CloseHandle 1854->1859 1860 40f895-40f898 1854->1860 1857 40f808-40f80b CloseHandle 1855->1857 1858 40f80d-40f816 CloseHandle 1855->1858 1856->1855 1857->1858 1861 40f823-40f826 1858->1861 1862 40f818-40f81d WaitForSingleObject 1858->1862 1859->1860 1863 40f89a-40f89d CloseHandle 1860->1863 1864 40f89f-40f8a2 1860->1864 1867 40f828-40f868 EnterCriticalSection call 4285d0 LeaveCriticalSection 1861->1867 1868 40f86d-40f872 CloseHandle 1861->1868 1862->1861 1863->1864 1865 40f8a4-40f8a7 CloseHandle 1864->1865 1866 40f8a9-40f8ac 1864->1866 1865->1866 1869 40f8b3-40f8b7 1866->1869 1870 40f8ae-40f8b1 CloseHandle 1866->1870 1878 40f98c-40f98f 1867->1878 1872 40f99a 1868->1872 1873 40f9a1-40f9bb HeapFree 1869->1873 1874 40f8bd-40f8c0 1869->1874 1870->1869 1872->1873 1876 40f8c2-40f8cf wcslen 1874->1876 1877 40f8fb-40f93f memset ShellExecuteExW 1874->1877 1876->1877 1879 40f8d1-40f8d5 1876->1879 1877->1873 1880 40f941-40f945 1877->1880 1878->1873 1881 40f8d7-40f8db 1879->1881 1882 40f8dd-40f8df 1879->1882 1883 40f952-40f955 1880->1883 1884 40f947-40f94c WaitForSingleObject 1880->1884 1881->1879 1881->1882 1882->1877 1885 40f8e1-40f8f8 wcscpy 1882->1885 1886 40f991-40f994 CloseHandle 1883->1886 1887 40f957-40f989 EnterCriticalSection call 4285d0 LeaveCriticalSection 1883->1887 1884->1883 1885->1877 1886->1872 1887->1878
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.MSVCRT ref: 0040F5E9
                                                                                                                                                                                                      • CreatePipe.KERNEL32(?,?,?,00000000,?,?,00000000), ref: 0040F64E
                                                                                                                                                                                                      • CreatePipe.KERNEL32(?,?,?,00000000,?,?,00000000), ref: 0040F692
                                                                                                                                                                                                      • CreatePipe.KERNEL32(?,?,?,00000000,?,?,00000000), ref: 0040F6CB
                                                                                                                                                                                                      • GetStdHandle.KERNEL32(000000F6,?,?,00000000), ref: 0040F703
                                                                                                                                                                                                      • GetStdHandle.KERNEL32(000000F5,?,?,00000000), ref: 0040F70F
                                                                                                                                                                                                      • GetStdHandle.KERNEL32(000000F4,?,?,00000000), ref: 0040F71B
                                                                                                                                                                                                      • wcslen.MSVCRT ref: 0040F739
                                                                                                                                                                                                      • wcslen.MSVCRT ref: 0040F743
                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,00000008,?,?,00000000), ref: 0040F758
                                                                                                                                                                                                      • wcscpy.MSVCRT ref: 0040F76E
                                                                                                                                                                                                      • wcscat.MSVCRT ref: 0040F777
                                                                                                                                                                                                      • wcscat.MSVCRT ref: 0040F780
                                                                                                                                                                                                      • wcscpy.MSVCRT ref: 0040F78C
                                                                                                                                                                                                      • wcscat.MSVCRT ref: 0040F7A3
                                                                                                                                                                                                      • wcscat.MSVCRT ref: 0040F7AC
                                                                                                                                                                                                      • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,?,?,?,?,00000000), ref: 0040F7DB
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,00000000), ref: 0040F7F7
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,00000000), ref: 0040F801
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,00000000), ref: 0040F80B
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,00000000), ref: 0040F810
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF,?,?,00000000), ref: 0040F81D
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(0046C260,?,?,00000000), ref: 0040F82E
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(0046C260,?,?,00000000), ref: 0040F845
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,00000000), ref: 0040F870
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,00000000), ref: 0040F87F
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,00000000), ref: 0040F889
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,00000000), ref: 0040F893
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,00000000), ref: 0040F89D
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,00000000), ref: 0040F8A7
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,00000000), ref: 0040F8B1
                                                                                                                                                                                                      • wcslen.MSVCRT ref: 0040F8C3
                                                                                                                                                                                                      • wcscpy.MSVCRT ref: 0040F8E5
                                                                                                                                                                                                      • memset.MSVCRT ref: 0040F904
                                                                                                                                                                                                      • ShellExecuteExW.SHELL32(?), ref: 0040F937
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,00000000), ref: 0040F94C
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(0046C260,?,?,?,?,?,00000000), ref: 0040F95D
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(0046C260,?,?,?,?,?,00000000), ref: 0040F974
                                                                                                                                                                                                        • Part of subcall function 0040F56A: GetCurrentProcess.KERNEL32(0040F6E6,00000000,00000000,00000002,00000100,?,?,0040F6E6,?,?,00000000), ref: 0040F57F
                                                                                                                                                                                                        • Part of subcall function 0040F56A: GetCurrentProcess.KERNEL32(?,00000000,?,?,0040F6E6,?,?,00000000), ref: 0040F584
                                                                                                                                                                                                        • Part of subcall function 0040F56A: DuplicateHandle.KERNEL32(00000000,?,?,0040F6E6,?,?,00000000), ref: 0040F587
                                                                                                                                                                                                        • Part of subcall function 0040F56A: CloseHandle.KERNEL32(?,?,0040F6E6,?,?,00000000), ref: 0040F594
                                                                                                                                                                                                      • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000), ref: 0040F994
                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,?,?,?,00000000), ref: 0040F9AB
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Handle$Close$CreateCriticalSectionwcscat$PipeProcesswcscpywcslen$CurrentEnterHeapLeaveObjectSingleWaitmemset$AllocDuplicateExecuteFreeShell
                                                                                                                                                                                                      • String ID: 41C
                                                                                                                                                                                                      • API String ID: 550696126-4121658310
                                                                                                                                                                                                      • Opcode ID: 4d2a24b07462e8b0583448f33c3bf71192fa5218c5ba50a45ddbb19a49dba05a
                                                                                                                                                                                                      • Instruction ID: 257813081c952a18ad069377244783b89e0f79eac355b175b07de754c0a97bd6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4d2a24b07462e8b0583448f33c3bf71192fa5218c5ba50a45ddbb19a49dba05a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2FE14A728002489BCF359FA5D884ADE3BF8FF08354F14413BF924A26A1D7799949CF95
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040FA07 Relevance: 51.0, APIs: 28, Strings: 1, Instructions: 208stringmemoryfileCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 2485 40fa07-40fa14 2486 40fa16-40fa19 2485->2486 2487 40fa29-40fa2d 2485->2487 2486->2487 2488 40fa1b-40fa1e 2486->2488 2489 40fa5a-40fa5c 2487->2489 2490 40fa2f-40fa31 2487->2490 2488->2487 2491 40fa20-40fa27 CloseHandle 2488->2491 2492 40fa62-40fa65 2489->2492 2494 40fbf3-40fbf6 2489->2494 2490->2492 2493 40fa33-40fa38 2490->2493 2491->2487 2497 40fbd6-40fbdb 2492->2497 2498 40fa6b-40fa73 2492->2498 2493->2489 2495 40fa3a-40fa56 CreateFileW 2493->2495 2496 40fc06-40fc08 2494->2496 2495->2489 2501 40fa58 2495->2501 2504 40fbf8-40fc05 call 428590 2496->2504 2505 40fc0a-40fc10 2496->2505 2499 40fbeb-40fbed FindCloseChangeNotification 2497->2499 2500 40fbdd-40fbe5 HeapFree 2497->2500 2502 40fa75-40fa78 2498->2502 2503 40fa7a 2498->2503 2499->2494 2500->2499 2501->2489 2507 40fa7c-40fa7f 2502->2507 2503->2507 2504->2496 2508 40fc20-40fc25 2505->2508 2509 40fc12-40fc1a HeapFree 2505->2509 2511 40faba-40fac0 2507->2511 2512 40fc35-40fc44 memset 2508->2512 2513 40fc27-40fc2f HeapFree 2508->2513 2509->2508 2514 40fa81-40fa87 2511->2514 2515 40fac2-40fac4 2511->2515 2513->2512 2518 40fa89-40fa8c 2514->2518 2519 40faab-40fab3 strlen 2514->2519 2516 40fac6-40fad9 SetFilePointer SetEndOfFile 2515->2516 2517 40fade-40faf5 HeapAlloc 2515->2517 2522 40fbd5 2516->2522 2517->2522 2523 40fafb-40fb04 2517->2523 2518->2519 2520 40fa8e-40faa9 strlen * 2 2518->2520 2521 40fab7-40fab9 2519->2521 2520->2521 2521->2511 2522->2497 2524 40fb06-40fb1c strcpy strlen 2523->2524 2525 40fb1e-40fb21 2523->2525 2524->2525 2526 40fb9a-40fb9c 2525->2526 2527 40fb23-40fb29 2526->2527 2528 40fb9e-40fbcf SetFilePointer WriteFile SetEndOfFile HeapFree 2526->2528 2529 40fb46-40fb49 2527->2529 2530 40fb2b-40fb44 strcpy strcat 2527->2530 2528->2522 2532 40fb64-40fb76 strcpy strcat 2529->2532 2533 40fb4b-40fb62 strcpy strcat 2529->2533 2531 40fb79-40fb7f strcat 2530->2531 2534 40fb82-40fb98 strcat strlen 2531->2534 2532->2531 2533->2534 2534->2526
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,?,?,0040FC73,00000000,0040486F,00404828,00000000,Error,Setup Error!,00000010,00000000,00000000,00000000,0046AFD4), ref: 0040FA21
                                                                                                                                                                                                      • CreateFileW.KERNEL32(?,C0000000,00000001,00000000,00000004,00000080,00000000,?,?,?,?,0040FC73,00000000,0040486F,00404828,00000000), ref: 0040FA4B
                                                                                                                                                                                                      • strlen.MSVCRT ref: 0040FA91
                                                                                                                                                                                                      • strlen.MSVCRT ref: 0040FA9B
                                                                                                                                                                                                      • strlen.MSVCRT ref: 0040FAAE
                                                                                                                                                                                                      • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,0040FC73,00000000,0040486F,00404828,00000000,Error,Setup Error!), ref: 0040FACB
                                                                                                                                                                                                      • SetEndOfFile.KERNEL32(00000000,?,?,?,?,?,0040FC73,00000000,0040486F,00404828,00000000,Error,Setup Error!,00000010,00000000,00000000), ref: 0040FAD3
                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,0040FC73,00000000,0040486F,00404828,00000000,Error,Setup Error!,00000010,00000000), ref: 0040FAE7
                                                                                                                                                                                                      • strcpy.MSVCRT(00000000,0043314C,?,?,?,?,?,0040FC73,00000000,0040486F,00404828,00000000,Error,Setup Error!,00000010,00000000), ref: 0040FB0C
                                                                                                                                                                                                      • strlen.MSVCRT ref: 0040FB12
                                                                                                                                                                                                      • strcpy.MSVCRT(00000000,00433148,?,?,?,?,?,0040FC73,00000000,0040486F,00404828,00000000,Error,Setup Error!,00000010,00000000), ref: 0040FB31
                                                                                                                                                                                                      • strcat.MSVCRT(00000000,?,00000000,00433148,?,?,?,?,?,0040FC73,00000000,0040486F,00404828,00000000,Error,Setup Error!), ref: 0040FB3A
                                                                                                                                                                                                      • strcpy.MSVCRT(00000000,00433140,?,?,?,?,?,0040FC73,00000000,0040486F,00404828,00000000,Error,Setup Error!,00000010,00000000), ref: 0040FB51
                                                                                                                                                                                                      • strcat.MSVCRT(00000000,?,00000000,00433140,?,?,?,?,?,0040FC73,00000000,0040486F,00404828,00000000,Error,Setup Error!), ref: 0040FB5A
                                                                                                                                                                                                      • strcpy.MSVCRT(00000000,?,?,?,?,?,?,0040FC73,00000000,0040486F,00404828,00000000,Error,Setup Error!,00000010,00000000), ref: 0040FB66
                                                                                                                                                                                                      • strcat.MSVCRT(00000000, = ,00000000,?,?,?,?,?,?,0040FC73,00000000,0040486F,00404828,00000000,Error,Setup Error!), ref: 0040FB71
                                                                                                                                                                                                      • strcat.MSVCRT(00000000,?,00000000, = ,00000000,?,?,?,?,?,?,0040FC73,00000000,0040486F,00404828,00000000), ref: 0040FB7A
                                                                                                                                                                                                      • strcat.MSVCRT(00000000,00433138,0043A840,00000007,00000000), ref: 0040FB88
                                                                                                                                                                                                      • strlen.MSVCRT ref: 0040FB8E
                                                                                                                                                                                                      • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,0043A840,00000007,00000000), ref: 0040FBA3
                                                                                                                                                                                                      • WriteFile.KERNEL32(00000000,?,00000000,?,00000000,?,?,?,0043A840,00000007,00000000), ref: 0040FBB9
                                                                                                                                                                                                      • SetEndOfFile.KERNEL32(00000000,?,?,?,0043A840,00000007,00000000), ref: 0040FBC1
                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,?,?,?,?,0043A840,00000007,00000000), ref: 0040FBCF
                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,?,?,?,?,?,0040FC73,00000000,0040486F,00404828,00000000,Error,Setup Error!,00000010,00000000,00000000), ref: 0040FBE5
                                                                                                                                                                                                      • FindCloseChangeNotification.KERNELBASE(00000000,?,?,?,?,0040FC73,00000000,0040486F,00404828,00000000,Error,Setup Error!,00000010,00000000,00000000,00000000), ref: 0040FBED
                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,?,?,?,?,0040FC73,00000000,0040486F,00404828,00000000,Error,Setup Error!,00000010,00000000,00000000,00000000), ref: 0040FC1A
                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,?,?,?,?,0040FC73,00000000,0040486F,00404828,00000000,Error,Setup Error!,00000010,00000000,00000000,00000000), ref: 0040FC2F
                                                                                                                                                                                                      • memset.MSVCRT ref: 0040FC39
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$Heapstrcatstrlen$Freestrcpy$ClosePointer$AllocChangeCreateFindHandleNotificationWritememset
                                                                                                                                                                                                      • String ID: =
                                                                                                                                                                                                      • API String ID: 3308001263-2525689732
                                                                                                                                                                                                      • Opcode ID: bae60c5762a20af3d75e740f0bcc6243069a0f01c1d799ee24d6f3115bd9f968
                                                                                                                                                                                                      • Instruction ID: c7c249bcb8de922bb31b40cfe678dccd13b635899d2c6cd190e15f46aa4f12b6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bae60c5762a20af3d75e740f0bcc6243069a0f01c1d799ee24d6f3115bd9f968
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2F61C471200204AFCB306F51DC85C2FB7B9FB19744B20483EF645A1A61D7BAAC59DF1A
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0041DCC0 Relevance: 44.9, APIs: 23, Strings: 2, Instructions: 1148COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: $SysListView32
                                                                                                                                                                                                      • API String ID: 0-2148278154
                                                                                                                                                                                                      • Opcode ID: 93a46a1aa193c7c706cfa34e53430b6df0d93683d466b6fae8325fec156f8587
                                                                                                                                                                                                      • Instruction ID: a2a7c53041db397b0e8ff06ccd578a4cc7ebc0a6bf5f6ffe1aab2e75f232bdea
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 93a46a1aa193c7c706cfa34e53430b6df0d93683d466b6fae8325fec156f8587
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 22B21979108309EFDB11AF11D8806DA77A1FB48314F50482AFEA587362E379ADD1CF5A
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00424A65 Relevance: 38.9, APIs: 20, Strings: 2, Instructions: 378windowCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 2935 424a65-424a94 call 428039 call 42516e 2940 424f14-424f18 2935->2940 2941 424a9a-424aa2 2935->2941 2942 424ae3 2941->2942 2943 424aa4-424ab7 GetPropW 2941->2943 2944 424ae7-424ae9 2942->2944 2945 424ac9-424acc 2943->2945 2946 424ab9-424ac7 GetParent 2943->2946 2947 424b0a-424b0f 2944->2947 2948 424aeb-424af0 2944->2948 2945->2942 2949 424ace-424ae1 call 427eaa 2945->2949 2946->2943 2946->2945 2950 424af2-424b03 2947->2950 2951 424b11-424b28 2947->2951 2948->2947 2948->2950 2949->2944 2950->2951 2964 424b05 2950->2964 2954 424e25-424e2c 2951->2954 2955 424b2e 2951->2955 2956 424e32 2954->2956 2957 424ed0-424ed7 2954->2957 2959 424da1-424db8 call 4249ef 2955->2959 2960 424b34-424b37 2955->2960 2962 424e34-424e3b 2956->2962 2963 424e89-424e8f 2956->2963 2965 424f07 2957->2965 2966 424ed9-424eda 2957->2966 2987 424f0d 2959->2987 2988 424dbe-424dc5 2959->2988 2967 424cd6-424cd9 2960->2967 2968 424b3d 2960->2968 2971 424e70-424e72 2962->2971 2972 424e3d 2962->2972 2979 424e91-424e93 2963->2979 2980 424ea8 2963->2980 2964->2940 2969 424f0a 2965->2969 2973 424ef9-424f05 2966->2973 2974 424edc-424edf 2966->2974 2977 424d7a-424d7c 2967->2977 2978 424cdf-424ce2 2967->2978 2975 424b43-424b46 2968->2975 2976 424c79-424c7b 2968->2976 2969->2987 2982 424f11 2971->2982 2991 424e78-424e84 2971->2991 2972->2982 2990 424e43-424e49 2972->2990 2973->2969 2974->2982 2992 424ee1-424eeb 2974->2992 2993 424b48-424b4a 2975->2993 2994 424b5c-424b5e 2975->2994 2985 424cc0-424cd1 call 4258f1 2976->2985 2986 424c7d-424c81 2976->2986 2981 424d82-424d86 2977->2981 2977->2982 2995 424ce4-424ce7 2978->2995 2996 424d15-424d17 2978->2996 2983 424ea4-424ea6 2979->2983 2984 424e95-424e96 2979->2984 2989 424eaa-424eba call 4258f1 2980->2989 2981->2982 3003 424d8c-424d9c EnumChildWindows 2981->3003 2982->2940 2983->2989 3004 424ea0-424ea2 2984->3004 3005 424e98-424e9a 2984->3005 2985->2982 3007 424c83-424ca7 GetClientRect FillRect 2986->3007 3008 424ca9-424cae 2986->3008 2987->2982 3009 424df1-424df4 2988->3009 3010 424dc7-424de1 GetWindowLongW 2988->3010 3021 424ebd-424ece PostMessageW 2989->3021 2990->2992 3000 424e4f-424e55 2990->3000 2991->2987 3013 424eec-424ef7 call 4249ef 2992->3013 3001 424be0-424be6 2993->3001 3002 424b50-424b51 2993->3002 2994->2987 3006 424b64-424b69 2994->3006 2997 424d05-424d10 2995->2997 2998 424ce9-424cec 2995->2998 2996->2982 2999 424d1d-424d24 2996->2999 2997->3013 2998->2982 3014 424cf2-424cfa RemovePropW 2998->3014 3015 424d26-424d2c 2999->3015 3016 424d2e-424d3b GetWindowLongW 2999->3016 3000->2982 3017 424e5b-424e61 3000->3017 3029 424bd4-424bdb 3001->3029 3030 424be8-424beb 3001->3030 3018 424b53-424b56 3002->3018 3019 424b7f-424b84 3002->3019 3003->2982 3004->2989 3020 424e9c-424e9e 3005->3020 3005->3021 3006->2987 3022 424b6f-424b7a 3006->3022 3007->2985 3008->2985 3023 424cb0-424cb5 3008->3023 3026 424df6-424dfb 3009->3026 3027 424ded-424def 3009->3027 3010->2987 3024 424de7 3010->3024 3013->2982 3014->2997 3033 424d44-424d4b 3015->3033 3016->3033 3034 424d3d 3016->3034 3017->2992 3035 424e63-424e69 3017->3035 3018->2982 3018->2994 3037 424b86-424b96 GetPropW 3019->3037 3038 424bb5-424bcf GetFocus SetPropW call 425717 3019->3038 3020->2989 3021->2982 3036 424c6c-424c74 call 4258f1 3022->3036 3023->2985 3039 424cb7-424cbd 3023->3039 3024->3027 3041 424e09-424e0e 3026->3041 3042 424dfd 3026->3042 3040 424e19-424e20 3027->3040 3029->2982 3030->2982 3043 424bf1-424bf7 3030->3043 3048 424d53-424d5a 3033->3048 3049 424d4d-424d50 3033->3049 3034->3033 3035->2992 3050 424e6b 3035->3050 3036->2987 3052 424b98-424b99 SetFocus 3037->3052 3053 424b9f-424bb3 call 4258f1 3037->3053 3038->3029 3039->2985 3040->2987 3044 424e10-424e12 3041->3044 3045 424e14-424e17 3041->3045 3055 424dff-424e04 call 42560f 3042->3055 3046 424c49-424c4e 3043->3046 3047 424bf9-424bfa 3043->3047 3044->3055 3045->3040 3058 424c50-424c62 call 4258f1 3046->3058 3059 424c65-424c69 3046->3059 3056 424c34-424c47 3047->3056 3057 424bfc-424bfd 3047->3057 3060 424d62-424d69 3048->3060 3061 424d5c-424d5f 3048->3061 3049->3048 3050->2982 3052->3053 3053->3029 3055->2987 3056->3036 3066 424c08-424c2f call 4258f1 * 2 3057->3066 3067 424bff-424c06 3057->3067 3058->3059 3069 424c6a 3059->3069 3060->2987 3070 424d6f-424d75 3060->3070 3061->3060 3066->2987 3067->3069 3069->3036 3070->2987
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0042516E: SystemParametersInfoW.USER32(00000026,00000000,?,00000000), ref: 004251BF
                                                                                                                                                                                                        • Part of subcall function 0042516E: GetWindowRect.USER32(?,00000010), ref: 004251E7
                                                                                                                                                                                                        • Part of subcall function 0042516E: GetWindowRect.USER32(?,00000020), ref: 004251F0
                                                                                                                                                                                                        • Part of subcall function 0042516E: GetSystemMetrics.USER32(0000003D), ref: 00425200
                                                                                                                                                                                                        • Part of subcall function 0042516E: GetSystemMetrics.USER32(0000003E), ref: 00425207
                                                                                                                                                                                                        • Part of subcall function 0042516E: GetWindowLongW.USER32(?,000000F0), ref: 00425211
                                                                                                                                                                                                        • Part of subcall function 0042516E: GetSystemMetrics.USER32(00000005), ref: 00425220
                                                                                                                                                                                                        • Part of subcall function 0042516E: GetSystemMetrics.USER32(0000002E), ref: 00425240
                                                                                                                                                                                                        • Part of subcall function 0042516E: GetSystemMetrics.USER32(00000022), ref: 0042524F
                                                                                                                                                                                                        • Part of subcall function 0042516E: GetSystemMetrics.USER32(00000023), ref: 00425256
                                                                                                                                                                                                        • Part of subcall function 0042516E: GetSystemMetrics.USER32(0000003B), ref: 0042525D
                                                                                                                                                                                                        • Part of subcall function 0042516E: GetSystemMetrics.USER32(0000003C), ref: 00425264
                                                                                                                                                                                                        • Part of subcall function 0042516E: SendMessageW.USER32(?,00000024,00000000,00000034), ref: 00425279
                                                                                                                                                                                                        • Part of subcall function 0042516E: GetKeyState.USER32(00000001), ref: 0042527D
                                                                                                                                                                                                        • Part of subcall function 0042516E: SendMessageW.USER32(?,00000201,00000001,00000000), ref: 00425293
                                                                                                                                                                                                        • Part of subcall function 0042516E: SetCapture.USER32(?), ref: 00425298
                                                                                                                                                                                                        • Part of subcall function 0042516E: PostMessageW.USER32(?,00000231,00000000,00000000), ref: 004252A8
                                                                                                                                                                                                      • GetPropW.USER32(?,PB_WindowID), ref: 00424AAC
                                                                                                                                                                                                      • GetParent.USER32(?), ref: 00424ABC
                                                                                                                                                                                                      • GetPropW.USER32(?,PB_Focus), ref: 00424B8E
                                                                                                                                                                                                      • SetFocus.USER32(00000000), ref: 00424B99
                                                                                                                                                                                                      • _strftime.LIBCMT ref: 00424BAB
                                                                                                                                                                                                      • GetFocus.USER32 ref: 00424BB5
                                                                                                                                                                                                      • SetPropW.USER32(?,PB_Focus,00000000), ref: 00424BC4
                                                                                                                                                                                                        • Part of subcall function 00425717: SendMessageW.USER32(00000001,00000129,00000000,00000000), ref: 0042572E
                                                                                                                                                                                                        • Part of subcall function 00425717: SendMessageW.USER32(00000000,00000128,00030001,00000000), ref: 00425756
                                                                                                                                                                                                        • Part of subcall function 00425717: InvalidateRect.USER32(00000000,00000000,00000000,?,?,?,0042493E,00000000,?,?,?,?,00000001), ref: 0042575D
                                                                                                                                                                                                      • _strftime.LIBCMT ref: 00424C1B
                                                                                                                                                                                                      • _strftime.LIBCMT ref: 00424C27
                                                                                                                                                                                                      • _strftime.LIBCMT ref: 00424C6C
                                                                                                                                                                                                      • GetClientRect.USER32(?,00000000), ref: 00424C8A
                                                                                                                                                                                                      • FillRect.USER32(?,00000000,?), ref: 00424C9A
                                                                                                                                                                                                      • _strftime.LIBCMT ref: 00424CC9
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: System$Metrics$MessageRect_strftime$Send$PropWindow$Focus$CaptureClientFillInfoInvalidateLongParametersParentPostState
                                                                                                                                                                                                      • String ID: PB_Focus$PB_WindowID
                                                                                                                                                                                                      • API String ID: 54628344-3744720988
                                                                                                                                                                                                      • Opcode ID: 9ab02f8df00f252774b2fd1c45447e34874e63999f279dcd98f7f13a6e1ea2ef
                                                                                                                                                                                                      • Instruction ID: 70ec7af560c5503971c1190a1851f1c0ae7862d2736eb539a9c0cb0990a13988
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9ab02f8df00f252774b2fd1c45447e34874e63999f279dcd98f7f13a6e1ea2ef
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 70D12130700225ABDF219F55ED44BBB7A64FFC4300F92401BF90996690E779DE60DB5A
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004242C5 Relevance: 26.5, APIs: 13, Strings: 2, Instructions: 251memoryregistryCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 3268 4242c5-4242e2 3269 4242e4-4242e9 call 424fb1 3268->3269 3270 4242ee-424302 call 427e22 3268->3270 3269->3270 3274 424304-42430a 3270->3274 3275 42430f 3270->3275 3274->3275 3276 42430c-42430d 3274->3276 3277 424312-424329 call 431fc0 3275->3277 3276->3277 3280 424332-42438a memset RegisterClassW 3277->3280 3281 42432b 3277->3281 3282 42438f-42439d 3280->3282 3283 42438c 3280->3283 3281->3280 3284 4243a1-4243a7 3282->3284 3285 42439f 3282->3285 3283->3282 3286 4243b4 3284->3286 3287 4243a9-4243b2 3284->3287 3285->3284 3288 4243bb-4243be 3286->3288 3287->3288 3289 4243c0-4243c8 3288->3289 3290 4243cf-424411 AdjustWindowRectEx 3288->3290 3289->3290 3291 424413-424416 3290->3291 3292 424418-42441b 3290->3292 3291->3292 3293 424425-424428 3291->3293 3292->3293 3294 42441d-424422 3292->3294 3295 424461-424464 3293->3295 3296 42442a-424435 GetSystemMetrics 3293->3296 3294->3293 3299 424466-42446b 3295->3299 3300 4244b7-4244eb CreateWindowExW 3295->3300 3297 424437 3296->3297 3298 42443a-42444f GetSystemMetrics 3296->3298 3297->3298 3303 424451 3298->3303 3304 424454-42445f 3298->3304 3305 424477-4244ab GetWindowRect 3299->3305 3306 42446d-424475 GetActiveWindow 3299->3306 3301 4244f1-424505 SetPropW 3300->3301 3302 4245ac-4245cd UnregisterClassW call 427f10 3300->3302 3308 424507-42450d 3301->3308 3309 424529-424598 HeapAlloc CreateAcceleratorTableW 3301->3309 3318 4245cf-4245d3 3302->3318 3303->3304 3304->3300 3310 4244af-4244b1 3305->3310 3311 4244ad 3305->3311 3306->3300 3306->3305 3314 424513-424519 3308->3314 3315 42450f-424511 3308->3315 3316 4245a1-4245a6 3309->3316 3317 42459a-42459c call 4321c6 3309->3317 3310->3300 3313 4244b3 3310->3313 3311->3310 3313->3300 3320 42451b-42451d 3314->3320 3321 42451f 3314->3321 3319 424521-424523 ShowWindow 3315->3319 3316->3318 3323 4245a8-4245aa 3316->3323 3317->3316 3319->3309 3320->3319 3321->3319 3323->3318
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.MSVCRT ref: 00424339
                                                                                                                                                                                                      • RegisterClassW.USER32(?), ref: 0042437E
                                                                                                                                                                                                      • AdjustWindowRectEx.USER32(?,?,00000000,?), ref: 004243EF
                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000000), ref: 0042442C
                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000001), ref: 00424446
                                                                                                                                                                                                      • GetActiveWindow.USER32 ref: 0042446D
                                                                                                                                                                                                      • GetWindowRect.USER32(00000010,?), ref: 0042447C
                                                                                                                                                                                                      • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,00000010,00000000,00000000), ref: 004244DF
                                                                                                                                                                                                      • SetPropW.USER32(00000000,PB_WindowID,00000100), ref: 004244FC
                                                                                                                                                                                                      • ShowWindow.USER32(00000000,00000001,?,?,?,?,?,00000001), ref: 00424523
                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00000000,0000000C,?,?,?,?,?,00000001), ref: 00424548
                                                                                                                                                                                                      • CreateAcceleratorTableW.USER32(?,?,?,?,?,?,?,00000001), ref: 00424585
                                                                                                                                                                                                      • UnregisterClassW.USER32(?), ref: 004245B9
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Window$ClassCreateMetricsRectSystem$AcceleratorActiveAdjustAllocHeapPropRegisterShowTableUnregistermemset
                                                                                                                                                                                                      • String ID: PB_WindowID$WindowClass_%d
                                                                                                                                                                                                      • API String ID: 3388888743-2937193648
                                                                                                                                                                                                      • Opcode ID: f8c3f20f76dfcf8cb19a8a3353b963f88ed9460b7d17f5d73efe978aee73a589
                                                                                                                                                                                                      • Instruction ID: 327cb529d6adfd8b8bb482b10843d6415dc6b28d91832ad7c2639c896330e7e6
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f8c3f20f76dfcf8cb19a8a3353b963f88ed9460b7d17f5d73efe978aee73a589
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E9A18C71A0021ADFCB10CFA8ED85B9EBBF4FF44344F54422AF955A32A0D7B89950CB59
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00424104 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 76memorywindowCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 3324 424104-424120 call 427eaa 3327 4241f6-4241f8 3324->3327 3328 424126-424132 GetWindow 3324->3328 3329 424141-42415d RemovePropW * 2 3328->3329 3330 424134-424138 3328->3330 3332 424167-42416c 3329->3332 3333 42415f-424161 RevokeDragDrop 3329->3333 3330->3329 3331 42413a-42413b SetActiveWindow 3330->3331 3331->3329 3334 424180-424197 KiUserCallbackDispatcher call 431fc0 3332->3334 3335 42416e-42417e SendMessageW 3332->3335 3333->3332 3338 42419c-4241ac UnregisterClassW 3334->3338 3336 4241b2-4241b7 3335->3336 3339 4241d1-4241d6 3336->3339 3340 4241b9-4241cb HeapFree DestroyAcceleratorTable 3336->3340 3338->3336 3341 4241d8-4241d9 DeleteObject 3339->3341 3342 4241df-4241f1 call 425a28 call 427f10 3339->3342 3340->3339 3341->3342 3342->3327
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetWindow.USER32(00000000,00000004), ref: 0042412A
                                                                                                                                                                                                      • SetActiveWindow.USER32(00000000), ref: 0042413B
                                                                                                                                                                                                      • RemovePropW.USER32(00000000,PB_WindowID), ref: 0042414F
                                                                                                                                                                                                      • RemovePropW.USER32(00000000,PB_DropAccept), ref: 00424158
                                                                                                                                                                                                      • RevokeDragDrop.OLE32(00000000), ref: 00424161
                                                                                                                                                                                                      • SendMessageW.USER32(?,00000221,00000000,00000000), ref: 00424178
                                                                                                                                                                                                      • KiUserCallbackDispatcher.NTDLL(00000000), ref: 00424182
                                                                                                                                                                                                      • UnregisterClassW.USER32(?), ref: 004241AC
                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,?), ref: 004241C2
                                                                                                                                                                                                      • DestroyAcceleratorTable.USER32(?), ref: 004241CB
                                                                                                                                                                                                      • DeleteObject.GDI32(?), ref: 004241D9
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: PropRemoveWindow$AcceleratorActiveCallbackClassDeleteDestroyDispatcherDragDropFreeHeapMessageObjectRevokeSendTableUnregisterUser
                                                                                                                                                                                                      • String ID: PB_DropAccept$PB_WindowID$WindowClass_%d
                                                                                                                                                                                                      • API String ID: 3636796199-976223216
                                                                                                                                                                                                      • Opcode ID: f6f36b73b9db567f888ba9ec81bdde63d98d799a79e4b88e99b11cc00826ed0b
                                                                                                                                                                                                      • Instruction ID: 6e5fc0946f00e7a395c5f6497eb0e83fa8e0a9ddecac9347fe6db61c28e46ab1
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f6f36b73b9db567f888ba9ec81bdde63d98d799a79e4b88e99b11cc00826ed0b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 50218B31600210BBDF216F61EC0DF2A7BB9EF54B40F104426F941A2174EBB6AC61DF5A
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0042162D Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 86memoryCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 3474 42162d-421639 3475 4216e9-42171d CallWindowProcW GetPropW GetWindowLongW 3474->3475 3476 42163f-421642 3474->3476 3477 42173a 3475->3477 3478 42171f-42172d call 427eaa 3475->3478 3479 4216b2-4216c9 RemovePropW HeapFree 3476->3479 3480 421644-421645 3476->3480 3485 42173c-421740 3477->3485 3478->3477 3489 42172f-421735 call 421331 3478->3489 3481 4216cf-4216e7 CallWindowProcW 3479->3481 3483 421647-421649 3480->3483 3484 421674-421678 3480->3484 3481->3485 3483->3481 3487 42164f-42166f CallWindowProcW call 421514 3483->3487 3484->3481 3488 42167a-421698 CallWindowProcW call 42143e 3484->3488 3487->3477 3494 42169d-42169f 3488->3494 3489->3477 3495 4216a1-4216a6 3494->3495 3496 4216ab-4216ad 3494->3496 3495->3485 3496->3485
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CallWindowProcW.USER32(?,00000085,?,?), ref: 00421664
                                                                                                                                                                                                        • Part of subcall function 00421514: GetWindowDC.USER32(?), ref: 00421542
                                                                                                                                                                                                        • Part of subcall function 00421514: GetWindowRect.USER32(?,?), ref: 00421550
                                                                                                                                                                                                        • Part of subcall function 00421514: GetPropW.USER32(?,PB_ClientRect), ref: 0042156E
                                                                                                                                                                                                        • Part of subcall function 00421514: memcpy.MSVCRT ref: 00421580
                                                                                                                                                                                                        • Part of subcall function 00421514: ExcludeClipRect.GDI32(?,?,?,?,?), ref: 004215B3
                                                                                                                                                                                                        • Part of subcall function 00421514: IsWindowEnabled.USER32(?), ref: 004215D8
                                                                                                                                                                                                        • Part of subcall function 00421514: ReleaseDC.USER32(?,?), ref: 00421621
                                                                                                                                                                                                      • CallWindowProcW.USER32(?,00000083,?,?), ref: 00421690
                                                                                                                                                                                                      • RemovePropW.USER32(?,PB_ClientRect), ref: 004216BA
                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000), ref: 004216C9
                                                                                                                                                                                                      • CallWindowProcW.USER32(?,?,?,?), ref: 004216E1
                                                                                                                                                                                                      • CallWindowProcW.USER32(?,00000030,?,?), ref: 004216FA
                                                                                                                                                                                                      • GetPropW.USER32(?,PB_ID), ref: 00421708
                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F4), ref: 00421715
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Window$CallProc$Prop$Rect$ClipEnabledExcludeFreeHeapLongReleaseRemovememcpy
                                                                                                                                                                                                      • String ID: PB_ClientRect$PB_ID
                                                                                                                                                                                                      • API String ID: 3045710053-1186144853
                                                                                                                                                                                                      • Opcode ID: b6ff0e5cbacca881479c548caff3d7354e45a10429aa4efb5432d8e929a0806b
                                                                                                                                                                                                      • Instruction ID: f4b22154673e098da541672915b56536d38ff0945dc09c5f2ef93a9209185d41
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b6ff0e5cbacca881479c548caff3d7354e45a10429aa4efb5432d8e929a0806b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5A218C36210119BFCF116FA4FC48E9A3B6AFF64740F844026F90596170E7B59C60DB5A
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040C1D4 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 191registryCOMMON
                                                                                                                                                                                                      Download Yara Rule

                                                                                                                                                                                                      Control-flow Graph

                                                                                                                                                                                                      • Executed
                                                                                                                                                                                                      • Not Executed
                                                                                                                                                                                                      control_flow_graph 4118 40c1d4-40c1d5 4119 40c1da-40c1e5 4118->4119 4119->4119 4120 40c1e7-40c229 call 40a000 * 3 call 40a008 4119->4120 4129 40c22b 4120->4129 4130 40c22d-40c235 4120->4130 4131 40c28f-40c29e call 429a30 4129->4131 4132 40c237 4130->4132 4133 40c239-40c241 4130->4133 4140 40c2a0-40c2b2 call 40a008 4131->4140 4141 40c2b7-40c2c8 call 40c4a4 4131->4141 4132->4131 4135 40c243 4133->4135 4136 40c245-40c24d 4133->4136 4135->4131 4138 40c251-40c259 4136->4138 4139 40c24f 4136->4139 4142 40c25b 4138->4142 4143 40c25d-40c265 4138->4143 4139->4131 4152 40c45c-40c49e call 429a70 * 7 4140->4152 4153 40c2e1-40c354 call 40a008 call 429950 call 4299b0 call 429950 call 4299b0 call 428e40 call 429a30 4141->4153 4154 40c2ca-40c2dc call 40a008 4141->4154 4142->4131 4146 40c267 4143->4146 4147 40c269-40c271 4143->4147 4146->4131 4150 40c273 4147->4150 4151 40c275-40c28a call 40a008 4147->4151 4150->4131 4151->4152 4187 40c356-40c378 call 428b00 call 428c10 call 4299b0 4153->4187 4188 40c37d-40c38c call 429a30 4153->4188 4154->4152 4187->4188 4193 40c3b0-40c3e2 RegConnectRegistryW RegOpenKeyExW 4188->4193 4194 40c38e-40c3ae RegOpenKeyExW 4188->4194 4196 40c3e6-40c3ec 4193->4196 4194->4196 4198 40c43d-40c458 RegCloseKey call 40a008 4196->4198 4199 40c3ee-40c426 call 429250 RegSetValueExW call 40a008 4196->4199 4198->4152 4206 40c42b-40c439 RegCloseKey 4199->4206 4206->4152
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00429950: wcslen.MSVCRT ref: 00429963
                                                                                                                                                                                                        • Part of subcall function 004299B0: RtlAllocateHeap.NTDLL(024D0000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299D6
                                                                                                                                                                                                        • Part of subcall function 004299B0: HeapReAlloc.KERNEL32(024D0000,00000000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299F9
                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(?,?,00000000,000F003F,00000000,00000001,00000000,00000000,?,?,?,?,00000000), ref: 0040C3A5
                                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(00000000,?,?), ref: 0040C3BD
                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(00000000,?,00000000,000F003F,00000000,00000000,?,?,00000001,00000000,00000000,?,?,?,?,00000000), ref: 0040C3DD
                                                                                                                                                                                                      • RegSetValueExW.ADVAPI32(00000000,?,00000000,00000001,000F003F,-00000002,00000000,00000000,?,00000000,000F003F,00000000,00000000,?,?,00000001), ref: 0040C414
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000,00000000,?,00000000,00000001,000F003F,-00000002,00000000,00000000,?,00000000,000F003F,00000000,00000000,?,?), ref: 0040C42F
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • ERROR, subkeyname is empty, xrefs: 0040C2A0
                                                                                                                                                                                                      • ERROR, sub key dont exist, xrefs: 0040C2CA
                                                                                                                                                                                                      • ERROR, #HKEY is empty, xrefs: 0040C275
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: HeapOpen$AllocAllocateCloseConnectRegistryValuewcslen
                                                                                                                                                                                                      • String ID: ERROR, #HKEY is empty$ERROR, sub key dont exist$ERROR, subkeyname is empty
                                                                                                                                                                                                      • API String ID: 1228465285-196979880
                                                                                                                                                                                                      • Opcode ID: 5514d959cf69f775d10939095124b1f6b2dcb264748074a9d7e76ccb49a71b48
                                                                                                                                                                                                      • Instruction ID: 2b94ce77bffadc17852fd9d3b22516a2b584cba972ade5f651fe69af74992f8e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 5514d959cf69f775d10939095124b1f6b2dcb264748074a9d7e76ccb49a71b48
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 04614E70208301EBC701BB61E8C2A6F77A5EF84308F60893FF585662A1D7799C55DB5B
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0042346F Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 67COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetWindowLongW.USER32(?,000000F4), ref: 0042347A
                                                                                                                                                                                                      • CallWindowProcW.USER32(?,?,?,?,?), ref: 004234A7
                                                                                                                                                                                                      • RemovePropW.USER32(?,PB_ID), ref: 004234D2
                                                                                                                                                                                                      • RemovePropW.USER32(?,PB_DropAccept), ref: 004234DA
                                                                                                                                                                                                      • RevokeDragDrop.OLE32(?), ref: 004234E1
                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000F4,000000FF), ref: 004234EC
                                                                                                                                                                                                      • DefWindowProcW.USER32(?,?,?,?), ref: 00423520
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Window$LongProcPropRemove$CallDragDropRevoke
                                                                                                                                                                                                      • String ID: PB_DropAccept$PB_ID
                                                                                                                                                                                                      • API String ID: 2605631428-3688647018
                                                                                                                                                                                                      • Opcode ID: dfc8583ffc0179372469c6fb46855722b903e166f95b6d5ed30eb3542eefd1c3
                                                                                                                                                                                                      • Instruction ID: 21b377eb54c46b52a857f2476cd818dec27cbb7e73fcb85eef5e2676ea6b9f6a
                                                                                                                                                                                                      • Opcode Fuzzy Hash: dfc8583ffc0179372469c6fb46855722b903e166f95b6d5ed30eb3542eefd1c3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1F11AF31604125BB8B015F64EC84C6B3B7CFB49775B104226F834621E0DBB99D10DB6A
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00424841 Relevance: 15.2, APIs: 10, Instructions: 152windowmemoryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,?,?,?,00000001), ref: 0042488D
                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,?,?,?,00000001), ref: 00424899
                                                                                                                                                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000003), ref: 004248E2
                                                                                                                                                                                                      • MsgWaitForMultipleObjects.USER32(00000000,00000000,00000000,000000FF,000005FF), ref: 00424903
                                                                                                                                                                                                      • PeekMessageW.USER32(?,00000000,00000000,00000000,00000003), ref: 00424919
                                                                                                                                                                                                      • KiUserCallbackDispatcher.NTDLL(?,00000000,00000000,00000000), ref: 00424929
                                                                                                                                                                                                      • GetActiveWindow.USER32 ref: 0042492F
                                                                                                                                                                                                      • TranslateAcceleratorW.USER32(000000FF,00000000,?), ref: 0042494A
                                                                                                                                                                                                      • TranslateMessage.USER32(?), ref: 00424969
                                                                                                                                                                                                      • DispatchMessageW.USER32(?), ref: 00424973
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Message$FreeHeapPeekTranslate$AcceleratorActiveCallbackDispatchDispatcherMultipleObjectsUserWaitWindow
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1841929057-0
                                                                                                                                                                                                      • Opcode ID: 137067e3954b147197c2852cef3d95f3ef4b2d280938ad449329f2b247cf2dba
                                                                                                                                                                                                      • Instruction ID: 5bdb1e47ebafb0d2f97a3e2ff72b772ae95e805535ab1f2b36919add93d7bf1b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 137067e3954b147197c2852cef3d95f3ef4b2d280938ad449329f2b247cf2dba
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A0516DB4A00B10AFC735DF65E884C6BBBF9FFC8710790492EE45682A50D774E841CB69
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040B084 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 148registryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RegCreateKeyExW.ADVAPI32(?,000F003F,00000000,00000000,00000000,000F003F,00000001,00000001,?,00000001,00000000,00000000,00000000), ref: 0040B1F3
                                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(00000001,?,?), ref: 0040B20B
                                                                                                                                                                                                      • RegCreateKeyExW.ADVAPI32(?,00000001,00000000,00000000,00000000,000F003F,?,00000001,00000001,00000001,?,?,00000001,00000000,00000000,00000000), ref: 0040B23F
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(00000000,?,00000001,00000000,00000000,00000000,000F003F,?,00000001,00000001,00000001,?,?,00000001,00000000,00000000), ref: 0040B254
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Create$CloseConnectRegistry
                                                                                                                                                                                                      • String ID: ERROR, #HKEY is empty$ERROR, false type$ERROR, subkeyname is empty
                                                                                                                                                                                                      • API String ID: 3739685399-669851651
                                                                                                                                                                                                      • Opcode ID: 757f646d48c2b9c1df1c2ad70befea8467691b7b46ef49cec6f08e0c8b7fd753
                                                                                                                                                                                                      • Instruction ID: d79bea859f8f122aecf4f0144055704a2379aabbd7284b72be669317afa814dc
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 757f646d48c2b9c1df1c2ad70befea8467691b7b46ef49cec6f08e0c8b7fd753
                                                                                                                                                                                                      • Instruction Fuzzy Hash: EC517C70208301ABC711AF11EC91A6F77A5EF54344F20883FF5826A1A1EB799C56DB9F
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040C4A4 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 138registryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(00000000,0040A2AC,00000000,00020019,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,80000004,0040A2AC), ref: 0040C5F5
                                                                                                                                                                                                      • RegCloseKey.ADVAPI32(?,00000000,0040A2AC,00000000,00020019,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,80000004), ref: 0040C642
                                                                                                                                                                                                        • Part of subcall function 004299B0: RtlAllocateHeap.NTDLL(024D0000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299D6
                                                                                                                                                                                                      • RegConnectRegistryW.ADVAPI32(00000000,00000000,0040A2AC), ref: 0040C60D
                                                                                                                                                                                                      • RegOpenKeyExW.ADVAPI32(00000000,0040A2AC,00000000,00020019,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,80000004,0040A2AC), ref: 0040C62D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      • ERROR, subkeyname is empty, xrefs: 0040C54C
                                                                                                                                                                                                      • ERROR, sub key not found, xrefs: 0040C659
                                                                                                                                                                                                      • ERROR, #HKEY is empty, xrefs: 0040C521
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Open$AllocateCloseConnectHeapRegistry
                                                                                                                                                                                                      • String ID: ERROR, #HKEY is empty$ERROR, sub key not found$ERROR, subkeyname is empty
                                                                                                                                                                                                      • API String ID: 2391762236-1661012673
                                                                                                                                                                                                      • Opcode ID: 65729a938f8d0291f0a0f04b9f5beaa9430504905f6348d4eb981ea4e64aa9be
                                                                                                                                                                                                      • Instruction ID: 7331ad5c3f4a4468b582587033725609b3540ff9f57beb01662973def572fbbd
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 65729a938f8d0291f0a0f04b9f5beaa9430504905f6348d4eb981ea4e64aa9be
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 08416D70208311EBC711AB20ECC1A2F77A5EF44308F608A3FF546A61A1DB799C569B5F
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004320FD Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 71memoryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00431FC0: _vsnwprintf.MSVCRT ref: 00431FD4
                                                                                                                                                                                                      • GetPropW.USER32(?,?), ref: 00432123
                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,?), ref: 00432178
                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000), ref: 00432182
                                                                                                                                                                                                      • RemovePropW.USER32(?,?), ref: 0043218B
                                                                                                                                                                                                      • CallWindowProcW.USER32(?,?,00000082,?,?), ref: 004321A6
                                                                                                                                                                                                      • DefWindowProcW.USER32(?,?,?,?), ref: 004321BA
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeHeapProcPropWindow$CallRemove_vsnwprintf
                                                                                                                                                                                                      • String ID: PB_GadgetStack_%i
                                                                                                                                                                                                      • API String ID: 178367583-1190326050
                                                                                                                                                                                                      • Opcode ID: 96cb807580e01b1e027b59f78468675e3519b2a3243b8aea9f3e2cd938c60435
                                                                                                                                                                                                      • Instruction ID: cc478df7d21734f91895439bede0890fa443c0ac92021617ec81fb51e7e98a3c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 96cb807580e01b1e027b59f78468675e3519b2a3243b8aea9f3e2cd938c60435
                                                                                                                                                                                                      • Instruction Fuzzy Hash: F5213972500209FFCF119F90EE84CAA7B7AFB08355F00807AFA05A6220D7B59D61DF96
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004200E8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 73COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.MSVCRT ref: 00420114
                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000044), ref: 00420152
                                                                                                                                                                                                      • GetSystemMetrics.USER32(00000045), ref: 0042015B
                                                                                                                                                                                                      • CreateWindowExW.USER32(?,STATIC,00000000,50000100,?,?,?,?,00000000,000000FF,00000000,-FFFFFEC7), ref: 00420194
                                                                                                                                                                                                      • SetWindowLongW.USER32(00000000,000000FC,0041FDB4), ref: 004201A8
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: MetricsSystemWindow$CreateLongmemset
                                                                                                                                                                                                      • String ID: STATIC
                                                                                                                                                                                                      • API String ID: 498952651-1882779555
                                                                                                                                                                                                      • Opcode ID: 8c02f266b4ca1e4da6b6fa3c692244ff65e9e0e3bf4176f830a88228ed73d8fc
                                                                                                                                                                                                      • Instruction ID: 7744e577b02ca489db7dac857713f03384ebf94a729d5319be29522e2ee7859e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8c02f266b4ca1e4da6b6fa3c692244ff65e9e0e3bf4176f830a88228ed73d8fc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 14215171A00218BFDB019FA5EC449AA3BA9EB09358F00413AF90596271E7F94C91DB9E
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00426B6D Relevance: 9.1, APIs: 6, Instructions: 59memoryfileCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000,00000000,?,?,?,00426C0F,?,?,00000000,0040159D), ref: 00426B8B
                                                                                                                                                                                                      • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,?,00426C0F,?,?,00000000,0040159D,000000C8,00000000,0046AFD8,00000000), ref: 00426B9D
                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000000,00000000,?,?,?,?,?,00426C0F,?,?,00000000,0040159D,000000C8,00000000,0046AFD8,00000000), ref: 00426BAD
                                                                                                                                                                                                      • ReadFile.KERNELBASE(?,00000000,00000000,?,00000000,?,?,?,?,?,00426C0F,?,?,00000000,0040159D,000000C8), ref: 00426BC3
                                                                                                                                                                                                      • RtlFreeHeap.NTDLL(00000000,00000000,?,?,?,?,?,00426C0F,?,?,00000000,0040159D,000000C8,00000000,0046AFD8,00000000), ref: 00426BE7
                                                                                                                                                                                                      • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,00426C0F,?,?,00000000,0040159D,000000C8,00000000,0046AFD8,00000000,00000001), ref: 00426BF0
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$Heap$AllocateChangeCloseCreateFindFreeNotificationReadSize
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2261520354-0
                                                                                                                                                                                                      • Opcode ID: 580bce743d05f54e19f040ff96d52d026498e0ddf3a8e1f3768a57371c7e0e84
                                                                                                                                                                                                      • Instruction ID: 5ce91b61363d4b48814312fd394d0a9feabefdf2ebc81d0f696142e0a8217438
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 580bce743d05f54e19f040ff96d52d026498e0ddf3a8e1f3768a57371c7e0e84
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3D1127B1600168BFDB215FA5EC88EAF7F7DEB417A0F10813AF801E6160E6B09D10CA25
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00421C04 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 72COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.MSVCRT ref: 00421C2E
                                                                                                                                                                                                      • CreateWindowExW.USER32(?,Edit,00000000,?,?,?,?,?,00000000,000000FF,00000000,-FFFFFEC7), ref: 00421CBC
                                                                                                                                                                                                      • SetWindowLongW.USER32(00000000,000000FC,00421BC5), ref: 00421CE0
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Window$CreateLongmemset
                                                                                                                                                                                                      • String ID: 05Vo$Edit
                                                                                                                                                                                                      • API String ID: 2917088559-2293288859
                                                                                                                                                                                                      • Opcode ID: 0eeab1b251d201721b721a4a8896c99e02515dda87542d10bf2639b33ee2d22d
                                                                                                                                                                                                      • Instruction ID: d9c918d304344f383ae810d655fdad3e2823fb455bfc82bd3410eed2219fe931
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0eeab1b251d201721b721a4a8896c99e02515dda87542d10bf2639b33ee2d22d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8821DEB1600215AFDB204F16EC09F163EB9EB50365F10422AF560962B0EBF99864CB9E
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0042352C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 47windowCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000FC,0042346F), ref: 00423566
                                                                                                                                                                                                      • SetWindowLongW.USER32(?,000000F4,000000FF), ref: 00423571
                                                                                                                                                                                                      • SetPropW.USER32(?,PB_ID,000000FF), ref: 0042357C
                                                                                                                                                                                                      • SendMessageW.USER32(?,00000030,?,00000001), ref: 0042358D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: LongWindow$MessagePropSend
                                                                                                                                                                                                      • String ID: PB_ID
                                                                                                                                                                                                      • API String ID: 499798845-4173770792
                                                                                                                                                                                                      • Opcode ID: 86af0f68bb1aa0a42af094b8af81ce54ed9b68d6ec62858d0118a3a926f96289
                                                                                                                                                                                                      • Instruction ID: ed85781749b5b246fed9c57d5b64a34d3fc5b906890d8a5f8816de75811ddbb0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 86af0f68bb1aa0a42af094b8af81ce54ed9b68d6ec62858d0118a3a926f96289
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 13019271600315BFCF109F59DC84E4ABBB8FB44761F10862AF96557290D3B4E940CF94
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00412C18 Relevance: 8.0, APIs: 5, Instructions: 465COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • MakeSureDirectoryPathExists.IMAGEHLP(?,00000000,00000000,?,?,00000000,00000000,00000008,?,?,?,?,?,00000001,?,?), ref: 00412D47
                                                                                                                                                                                                      • OemToCharW.USER32(?,?), ref: 00412DC9
                                                                                                                                                                                                      • MakeSureDirectoryPathExists.IMAGEHLP(?,00000000,00000000,?,?,00000000,00000000,00000008,00000001,?,00000000,00000000,00000000,00000000,00469100,00000001), ref: 00413002
                                                                                                                                                                                                        • Part of subcall function 0041C720: RtlAllocateHeap.NTDLL(02280000,00000008,00000000,00409AA5,00000001,?,00000000,00000000,00000007,0040341A,00000057,00000000,00000000,00000000,00000000,00000000), ref: 0041C731
                                                                                                                                                                                                        • Part of subcall function 0041C6C0: memcpy.MSVCRT ref: 0041C6FA
                                                                                                                                                                                                        • Part of subcall function 004299B0: RtlAllocateHeap.NTDLL(024D0000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299D6
                                                                                                                                                                                                        • Part of subcall function 0041C5B0: HeapFree.KERNEL32(02280000,00000000,00000000,00403478,0046B16C,00000000,00000057,00000000,00000000,00000000,00000000,00000057,00000000,00000000,00000000,00000000), ref: 0041C5BE
                                                                                                                                                                                                      • MakeSureDirectoryPathExists.IMAGEHLP(?,00000000,00000000,?,?,00000000,00000000,00000008,00000001,?,00000000,00000000,00000000,00000000,00469100,00000001), ref: 00413162
                                                                                                                                                                                                      • SetFileAttributesW.KERNEL32(00000000,?,00000000,?,00000000,?,?,?,?,?,00000000,00000000,?,00019000,FFFFFFFF,00019000), ref: 00413324
                                                                                                                                                                                                        • Part of subcall function 004299B0: HeapReAlloc.KERNEL32(024D0000,00000000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299F9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Heap$DirectoryExistsMakePathSure$Allocate$AllocAttributesCharFileFreememcpy
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4055739490-0
                                                                                                                                                                                                      • Opcode ID: 43f06104c22bfa8c2f70adc399a3545c9dfabf87c9aebba4af76278d60f26f39
                                                                                                                                                                                                      • Instruction ID: 75b02a04a12e442dd39238cc83b8e077f0a1e21f2bf5aeab1ef63a012de2d1b9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 43f06104c22bfa8c2f70adc399a3545c9dfabf87c9aebba4af76278d60f26f39
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 92022FB1104341AFD721AF61DC81B9F7BA9FF44304F10882EF29486261DBB99CD5DB9A
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00412980 Relevance: 7.7, APIs: 4, Strings: 1, Instructions: 197COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID:
                                                                                                                                                                                                      • String ID: 1.2.3
                                                                                                                                                                                                      • API String ID: 0-2310465506
                                                                                                                                                                                                      • Opcode ID: 876017cd097b5646cc5e0c34f3aca1dc7bc126e5a52e7cccc05c3f7887764a43
                                                                                                                                                                                                      • Instruction ID: 305858f776bc7fa35b417e5f98dd1da6d4fbd1beb282b069888b85c7fc5d999f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 876017cd097b5646cc5e0c34f3aca1dc7bc126e5a52e7cccc05c3f7887764a43
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 4971E0B16002048FCB24DF19C980ADAB7E5FF88354F14416BED09CB316D7BAD995CBA9
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0041B4C0 Relevance: 7.6, APIs: 5, Instructions: 112filememoryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000080,00000000,021A1000,0043A840,?,?,?,?,00000000,0041B633,00000000), ref: 0041B4F3
                                                                                                                                                                                                      • CreateFileW.KERNELBASE(00000000,C0000000,00000001,00000000,00000004,00000080,00000000,021A1000,0043A840,?,?,?,?,00000000,0041B633,00000000), ref: 0041B515
                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(021A0000,00000000,00001000,021A1000,0043A840,?,?,?,?,00000000,0041B633,00000000,00401259,00000000,00000000,00000000), ref: 0041B57D
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateFile$AllocateHeap
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2813278966-0
                                                                                                                                                                                                      • Opcode ID: 8aa8c90ffbdfe143bbb6f39c7800b623081a2f4f5530b70454572da1cea728b2
                                                                                                                                                                                                      • Instruction ID: 90b75b041ba6963f889926e4fda0b06d8734c26dde0d3fcb26683a573a9fc820
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8aa8c90ffbdfe143bbb6f39c7800b623081a2f4f5530b70454572da1cea728b2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5331D1727413117BE2309B68AC85FA6B399E744778F20462AF661A72D0D7B4AC8087DD
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040E1CD Relevance: 7.6, APIs: 5, Instructions: 59synchronizationthreadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateThread.KERNELBASE(00000000,00001000,?,?,00000000,?), ref: 0040E1E4
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(0046BF18,0045DF26,00000007,?,00404570,00000000,00000000,00000035,00000000,0000004C,00000001,00000035,00000001,0000002D,00000001,0000002B), ref: 0040E1FA
                                                                                                                                                                                                      • WaitForSingleObject.KERNEL32(00000008,00000000,?,?,00404570,00000000,00000000,00000035,00000000,0000004C,00000001,00000035,00000001,0000002D,00000001,0000002B), ref: 0040E217
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000008,?,?,00404570,00000000,00000000,00000035,00000000,0000004C,00000001,00000035,00000001,0000002D,00000001,0000002B,00000001), ref: 0040E223
                                                                                                                                                                                                        • Part of subcall function 00428590: HeapFree.KERNEL32(00000000,-00000008,00427F46,-00000010,00000000,004276C2,00000000,?,00000000,IsThemeActive,FFFFFFFF,UxTheme.dll,00000000,00000000,0041CB18,00000008), ref: 004285C9
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(0046BF18,?,00404570,00000000,00000000,00000035,00000000,0000004C,00000001,00000035,00000001,0000002D,00000001,0000002B,00000001,0000001B), ref: 0040E25D
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSection$CloseCreateEnterFreeHandleHeapLeaveObjectSingleThreadWait
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3708593966-0
                                                                                                                                                                                                      • Opcode ID: cc210eadc01e40f38193409489535def29ffe849ee3f6c717ac269954fe114b1
                                                                                                                                                                                                      • Instruction ID: d0d143a94830e8b8cacaea77c711ab9eb9f5d772bf0824b423a1605002441151
                                                                                                                                                                                                      • Opcode Fuzzy Hash: cc210eadc01e40f38193409489535def29ffe849ee3f6c717ac269954fe114b1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 8B119432204320ABC7248F56EC04A5777ECEF48710B00486EF941B7261EBB56C50CFAE
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00422205 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 69windowCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.MSVCRT ref: 00422231
                                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,msctls_progress32,00000000,?,?,?,?,?,00000000,00000000,00000000,-FFFFFEC7), ref: 004222B8
                                                                                                                                                                                                      • SendMessageW.USER32(00000000,00000406,?,?), ref: 004222D0
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateMessageSendWindowmemset
                                                                                                                                                                                                      • String ID: msctls_progress32
                                                                                                                                                                                                      • API String ID: 2250917740-3107856198
                                                                                                                                                                                                      • Opcode ID: 9a8431e7cbe9fbfd2ae267590e24813c59eb1550b8e736c8b06ac3d80b951513
                                                                                                                                                                                                      • Instruction ID: 8058ce802a90515a70da91959561f8ec5665e01b09c063a425148d5fc1abf698
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 9a8431e7cbe9fbfd2ae267590e24813c59eb1550b8e736c8b06ac3d80b951513
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A621A171200214FFCB018F51ED44D5A3FA9FB45358F00413AF60496170EBFA8960DBAE
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040F4B0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 36COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00429C80: RtlReAllocateHeap.NTDLL(024D0000,00000000,024D05D0,000041FE,00000000,00000000), ref: 00429CCA
                                                                                                                                                                                                      • GetModuleFileNameW.KERNEL32(00000000,00000104,00000104,00000000,?,?,?,00401170,00000000,00000000,00000000,00000000,00000004,00000006,00000008,0043A820), ref: 0040F4CC
                                                                                                                                                                                                      • wcscmp.MSVCRT ref: 0040F4DA
                                                                                                                                                                                                      • memmove.MSVCRT ref: 0040F4EF
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocateFileHeapModuleNamememmovewcscmp
                                                                                                                                                                                                      • String ID: \\?\
                                                                                                                                                                                                      • API String ID: 2856431501-4282027825
                                                                                                                                                                                                      • Opcode ID: ef25291fdddb9a739f85240246cea818c56750ad02a28f084d231048c6e56d88
                                                                                                                                                                                                      • Instruction ID: 1220a6776a010df372dedd0a0a8c69d3ac48da2a766cc7967e234599669c9bf9
                                                                                                                                                                                                      • Opcode Fuzzy Hash: ef25291fdddb9a739f85240246cea818c56750ad02a28f084d231048c6e56d88
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 3EF0A7F32007117AE310AB76ED89CAB7BDCEB98325F10153BFA45D1111EB7CA914D269
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004048D2 Relevance: 6.0, APIs: 4, Instructions: 38synchronizationCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateMutexW.KERNEL32(00000000,00000001,?,00000000,00000000,?,00401117,004393BA,00000004,00000000,0043A820,00000008,0000001C,00000000,0043A840,00000007), ref: 004048F0
                                                                                                                                                                                                      • GetLastError.KERNEL32(00000000,00000001,?,00000000,00000000,?,00401117,004393BA,00000004,00000000,0043A820,00000008,0000001C,00000000,0043A840,00000007), ref: 004048FA
                                                                                                                                                                                                      • ReleaseMutex.KERNEL32(00000000,00000001,?,00000000,00000000,?,00401117,004393BA,00000004,00000000,0043A820,00000008,0000001C,00000000,0043A840,00000007), ref: 0040492A
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,00000001,?,00000000,00000000,?,00401117,004393BA,00000004,00000000,0043A820,00000008,0000001C,00000000,0043A840,00000007), ref: 00404935
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Mutex$CloseCreateErrorHandleLastRelease
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 733076996-0
                                                                                                                                                                                                      • Opcode ID: 8aa3218fea7f42e4a239cc0142093b4708dd2e522f657c39c5019defce42112b
                                                                                                                                                                                                      • Instruction ID: 403ee495fab279d4775e93be771954519e2cb568df44b60383037cbe1f9710fd
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8aa3218fea7f42e4a239cc0142093b4708dd2e522f657c39c5019defce42112b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6BF068F12583019BCB50AF70DC82B6BB2A5D7C0304F00443BF244BA1E1E57D8C659A5F
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040E26B Relevance: 6.0, APIs: 4, Instructions: 32threadCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 0040E135: EnterCriticalSection.KERNEL32(0046BF18,?,00000000,00000001,0040E279,00000000,00000000,?,?,004060E6,00000000,00000000,00000001,00000000,00000001,00000002), ref: 0040E140
                                                                                                                                                                                                        • Part of subcall function 0040E135: LeaveCriticalSection.KERNEL32(0046BF18,?,00000000,00000001,0040E279,00000000,00000000,?,?,004060E6,00000000,00000000,00000001,00000000,00000001,00000002), ref: 0040E171
                                                                                                                                                                                                      • TerminateThread.KERNELBASE(00000000,00000000,00000000,?,?,004060E6,00000000,00000000,00000001,00000000,00000001,00000002,00000001,0000003D,00000001,00000040), ref: 0040E27A
                                                                                                                                                                                                      • EnterCriticalSection.KERNEL32(0046BF18,?,?,004060E6,00000000,00000000,00000001,00000000,00000001,00000002,00000001,0000003D,00000001,00000040,00000000,00000035), ref: 0040E286
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000008,?,?,004060E6,00000000,00000000,00000001,00000000,00000001,00000002,00000001,0000003D,00000001,00000040,00000000,00000035), ref: 0040E2A5
                                                                                                                                                                                                        • Part of subcall function 00428590: HeapFree.KERNEL32(00000000,-00000008,00427F46,-00000010,00000000,004276C2,00000000,?,00000000,IsThemeActive,FFFFFFFF,UxTheme.dll,00000000,00000000,0041CB18,00000008), ref: 004285C9
                                                                                                                                                                                                      • LeaveCriticalSection.KERNEL32(0046BF18,?,?,004060E6,00000000,00000000,00000001,00000000,00000001,00000002,00000001,0000003D,00000001,00000040,00000000,00000035), ref: 0040E2B9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CriticalSection$EnterLeave$CloseFreeHandleHeapTerminateThread
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 85618057-0
                                                                                                                                                                                                      • Opcode ID: 784aa8fdaee5fc419792a0b8c4f18810d4cf0ab011c89fae8bed61d5e47e6634
                                                                                                                                                                                                      • Instruction ID: 99b923dec1313a7ba1b3843724a12c938b1d5e611cf63d1f12f0f5a853006961
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 784aa8fdaee5fc419792a0b8c4f18810d4cf0ab011c89fae8bed61d5e47e6634
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 9CF0B4311052109BC2045B52EC08D9A37ACDF85721B14487FF100A71A1E7B85C418BAE
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00420267 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.MSVCRT ref: 00420291
                                                                                                                                                                                                      • CreateWindowExW.USER32(?,Static,00000000,?,?,?,?,?,00000000,000000FF,00000000,-FFFFFEC7), ref: 0042031D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateWindowmemset
                                                                                                                                                                                                      • String ID: Static
                                                                                                                                                                                                      • API String ID: 1730425660-2272013587
                                                                                                                                                                                                      • Opcode ID: d2024f4fdded4ad0c72e0da32dee23e2dcb1c3acf65c8cc5525198ddf31bf7c5
                                                                                                                                                                                                      • Instruction ID: 8e80adcf364d3f1ca59af0efdb8c756169c96a1cd3a6c3bedbb45ca163f8559b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: d2024f4fdded4ad0c72e0da32dee23e2dcb1c3acf65c8cc5525198ddf31bf7c5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E9216F71601219AFDB118F45EC09F563FA9FB10365F00422AF8249A2B1D7FD8960DFAE
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00421A54 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.MSVCRT ref: 00421A7E
                                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,Button,?,?,?,?,?,?,00000000,000000FF,00000000), ref: 00421AF9
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateWindowmemset
                                                                                                                                                                                                      • String ID: Button
                                                                                                                                                                                                      • API String ID: 1730425660-1034594571
                                                                                                                                                                                                      • Opcode ID: 133ef5e64cae69b8a7173386d577e859eace017112c77b736b242b54b7a645ce
                                                                                                                                                                                                      • Instruction ID: 596e23bfc9670839f08e2accfe45bf49b9764abf1e1604e97d4eac04ee0690b0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 133ef5e64cae69b8a7173386d577e859eace017112c77b736b242b54b7a645ce
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E311B1B1201215AFDB158F55FC86E673BA9FB54314F00813AFA0486260EBB99C689F9D
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004209EA Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.MSVCRT ref: 00420A16
                                                                                                                                                                                                      • CreateWindowExW.USER32(00000000,Button,?,?,?,?,?,?,00000000,000000FF,00000000), ref: 00420A7D
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateWindowmemset
                                                                                                                                                                                                      • String ID: Button
                                                                                                                                                                                                      • API String ID: 1730425660-1034594571
                                                                                                                                                                                                      • Opcode ID: 01cc072e606566399e77c69cdc163be8a56ccebd945a50d3389a1ad626d7ed41
                                                                                                                                                                                                      • Instruction ID: ba64d75bfb0eed09f6f35c3ca7b3fa03a002e309cbae4d5691c0f029bbffb282
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 01cc072e606566399e77c69cdc163be8a56ccebd945a50d3389a1ad626d7ed41
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6E118471500228BFCB119F95EC45D5B3FF9FB48356B40403AF90492221E7B98C60DF99
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00415390 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 31fileCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Strings
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: fopen
                                                                                                                                                                                                      • String ID: r+b$[C
                                                                                                                                                                                                      • API String ID: 1432627528-2296212517
                                                                                                                                                                                                      • Opcode ID: 589b24543e9708554ceea1ec77c61aaa0cdd37b8706385f3e5cc905e6a427f92
                                                                                                                                                                                                      • Instruction ID: c4a53d9f7f7195e89e4942c8a4b00fc7292f876871920b726ccf3458e50a79fe
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 589b24543e9708554ceea1ec77c61aaa0cdd37b8706385f3e5cc905e6a427f92
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C7E09230705918CEDB1C8418A5423FB93279BD47D0F58C02F6D618B348E6BD9CC262DE
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00404B3A Relevance: 4.6, APIs: 3, Instructions: 114comCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 00404BA0
                                                                                                                                                                                                      • CoCreateInstance.OLE32(0043A878,00000000,00000001,0043A888,?,00000000,00000000), ref: 00404BC0
                                                                                                                                                                                                      • CoUninitialize.OLE32(0043A878,00000000,00000001,0043A888,?,00000000,00000000), ref: 00404C69
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateInitializeInstanceUninitialize
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 948891078-0
                                                                                                                                                                                                      • Opcode ID: b9975eca1a0a9389766f2b8dc209c5d985e1c8f8e8d0f4140af95c09a466cb04
                                                                                                                                                                                                      • Instruction ID: a3cbfdd2fa9317f314191e8e097899b91daf619f6990a15b7770117914f37678
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b9975eca1a0a9389766f2b8dc209c5d985e1c8f8e8d0f4140af95c09a466cb04
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CB41D471208305AFC740EF25C886E5EBBE4AF98308F004969F18997271CB35ED59CB56
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0041B397 Relevance: 4.6, APIs: 3, Instructions: 89filememoryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • WriteFile.KERNELBASE(00000000,?,?,00000000,00000000,00000000,?,0041B671,00000000,021A1000,00000000,?,?,?,00401271,00000000), ref: 0041B415
                                                                                                                                                                                                      • RtlFreeHeap.NTDLL(021A0000,00000000,?,00000000,021A1000,?,?,?,004013C1,00000000,00000001,00000000), ref: 0041B466
                                                                                                                                                                                                      • FindCloseChangeNotification.KERNELBASE(00000000,021A1000,?,?,?,004013C1,00000000,00000001,00000000), ref: 0041B46F
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ChangeCloseFileFindFreeHeapNotificationWrite
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3807821158-0
                                                                                                                                                                                                      • Opcode ID: 657bfaad25981841282f785d25b49419a9d74f9e88e82d1676614b0447ff0064
                                                                                                                                                                                                      • Instruction ID: 9cf912fe8276dc9f70a1b120a6e93c72a2a10e3ce2508b3a8cea1c763599cf43
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 657bfaad25981841282f785d25b49419a9d74f9e88e82d1676614b0447ff0064
                                                                                                                                                                                                      • Instruction Fuzzy Hash: FF2124729087509FC728DFA4D55ADA7BBB8EB45300B04881FF49243622D3B4E880CB9E
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004154FC Relevance: 4.5, APIs: 3, Instructions: 40filetimeCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,00000080,00000000,00000000,00000000,00000000,00000000,?,00413315,00000000,?,00000000), ref: 00415532
                                                                                                                                                                                                        • Part of subcall function 0041793C: SystemTimeToFileTime.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 004179B3
                                                                                                                                                                                                        • Part of subcall function 0041793C: LocalFileTimeToFileTime.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 004179C1
                                                                                                                                                                                                      • SetFileTime.KERNEL32(?,00000000,00000000,?,?,?,?,40000000,00000003,00000000,00000003,00000080,00000000,00000000,00000000,00000000), ref: 00415565
                                                                                                                                                                                                      • CloseHandle.KERNEL32(00000000,?,00000000,00000000,?,?,?,?,40000000,00000003,00000000,00000003,00000080,00000000,00000000,00000000), ref: 0041556E
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FileTime$CloseCreateHandleLocalSystem
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1775212819-0
                                                                                                                                                                                                      • Opcode ID: 6ea3663da39ba42c3e37d4a03a8b66805f4ba3411a6c06766d5e260932c5fa27
                                                                                                                                                                                                      • Instruction ID: d4ff4b9c0073df0512306744fb28a537e71491fc883c16058bbab95411fcc974
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 6ea3663da39ba42c3e37d4a03a8b66805f4ba3411a6c06766d5e260932c5fa27
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 19F04F71248300BFE210EA20CC42F6BB6EDEB84708F108919F684960E2D775AD58975A
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00420B47 Relevance: 4.5, APIs: 3, Instructions: 40COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • GetWindowTextLengthW.USER32(00000000), ref: 00420B74
                                                                                                                                                                                                      • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00420B93
                                                                                                                                                                                                      • wcslen.MSVCRT ref: 00420B9A
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: TextWindow$Lengthwcslen
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4230322251-0
                                                                                                                                                                                                      • Opcode ID: 916c9465c9723718f3e6e20e708f513ea5f5fc79850ba53868875e158b71c016
                                                                                                                                                                                                      • Instruction ID: e240c25baf5dd20862e55b68f77e5754eb3d73a3791f55b90f9f0f7665f1cd84
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 916c9465c9723718f3e6e20e708f513ea5f5fc79850ba53868875e158b71c016
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 38F0C836204111BE97115B64EC44CAB7BE9FF88354B404026F40082125DB39DC10D769
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00415430 Relevance: 4.5, APIs: 3, Instructions: 39COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: fseek
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 623662203-0
                                                                                                                                                                                                      • Opcode ID: dd19ad0792b72bbca382d896fb99a20ac0a02df5a949a334d1d46f6d38307d77
                                                                                                                                                                                                      • Instruction ID: 604c482f6663a5021e751272107a91423f7667b976c491b07d03adc7605c9884
                                                                                                                                                                                                      • Opcode Fuzzy Hash: dd19ad0792b72bbca382d896fb99a20ac0a02df5a949a334d1d46f6d38307d77
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5DF0DAB16143016BD664DA7CC889F7B77D8ABC8311F081E2DB498C2394E729D8849A26
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0041C006 Relevance: 4.5, APIs: 3, Instructions: 38COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateDirectorywcslenwcsncpy
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 961886536-0
                                                                                                                                                                                                      • Opcode ID: 32b9713f1210cd60ef9bb5e0958140beb0def9e990c2cc2a56eac426b9a0861e
                                                                                                                                                                                                      • Instruction ID: c575e52156a52ed4e5164f87275b3e8cef1d4ae592f0844321a8428a554ca30e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 32b9713f1210cd60ef9bb5e0958140beb0def9e990c2cc2a56eac426b9a0861e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5201F9B2850208D6CF24DBE4CC89FDA77B8EB14304F6080A7D515D2091E7BD9EC8D75A
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004220F6 Relevance: 4.5, APIs: 3, Instructions: 34windowCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SendMessageW.USER32(?,00000407,00000000,00000000), ref: 00422115
                                                                                                                                                                                                      • SendMessageW.USER32(?,00000407,00000001,00000000), ref: 0042213A
                                                                                                                                                                                                      • SendMessageW.USER32(?,00000406,00000000), ref: 00422144
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3850602802-0
                                                                                                                                                                                                      • Opcode ID: 4966340711df4d3f514d03c0d3d597bd26f30c2d2980f3ea3d9bfe90cf9ace40
                                                                                                                                                                                                      • Instruction ID: 6680de045753f599a664fcfa7c9ef89d6723b1d9b5b5b813d20d5378aef551c7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4966340711df4d3f514d03c0d3d597bd26f30c2d2980f3ea3d9bfe90cf9ace40
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 42F0D076A40219FBEF214E41DC01FA67F6AEB447A0F118021FB443A1A0C6F16821DF99
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040F109 Relevance: 4.5, APIs: 3, Instructions: 19COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • memset.MSVCRT ref: 0040F116
                                                                                                                                                                                                      • InitCommonControlsEx.COMCTL32(00000000,00001000), ref: 0040F130
                                                                                                                                                                                                      • CoInitialize.OLE32(00000000), ref: 0040F138
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CommonControlsInitInitializememset
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2179856907-0
                                                                                                                                                                                                      • Opcode ID: b400d066d247f48d92530226d64b084b7f5c197f9227f0543e6c0fdf752f4640
                                                                                                                                                                                                      • Instruction ID: ed34baa9df9e2578f858b53e15805d49eef9ebdd02f8cb020f02b50e585ca46c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b400d066d247f48d92530226d64b084b7f5c197f9227f0543e6c0fdf752f4640
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 50E0ECB1900208BBEB40DBD0EC0AF8DBBBCAB04709F404065E204E61C0EBF4A6488766
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00425A74 Relevance: 3.1, APIs: 2, Instructions: 119COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: localtimemktime
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3641417603-0
                                                                                                                                                                                                      • Opcode ID: 71725d8f97e50dea9c286cb31257f6ef85968f65b5ea022df3796f90c3cc70e2
                                                                                                                                                                                                      • Instruction ID: 9f8eb1a228f0bd7bed15c58b0a76ec6d1f208596d8dd5408c853812b1be73a0c
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 71725d8f97e50dea9c286cb31257f6ef85968f65b5ea022df3796f90c3cc70e2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 2541C532F016298BCF24DF5CE4816DEBBA5EB14310FA48127E910E7291E338ED50CB99
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040C6A4 Relevance: 3.1, APIs: 2, Instructions: 66COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SHGetSpecialFolderLocation.SHELL32(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,0040AED3,00000002,00000000,00402189,00000000,00000000,DFA), ref: 0040C6C3
                                                                                                                                                                                                        • Part of subcall function 004299B0: RtlAllocateHeap.NTDLL(024D0000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299D6
                                                                                                                                                                                                      • SHGetPathFromIDListW.SHELL32(?,00000000), ref: 0040C6FD
                                                                                                                                                                                                        • Part of subcall function 00429950: wcslen.MSVCRT ref: 00429963
                                                                                                                                                                                                        • Part of subcall function 004295C0: CharUpperW.USER32(00000000,00000000,?,?,?,?,?,00000000,0040C734,?,00000000,00000000,00000000,00000000,?,00000000), ref: 00429610
                                                                                                                                                                                                        • Part of subcall function 004299B0: HeapReAlloc.KERNEL32(024D0000,00000000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299F9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Heap$AllocAllocateCharFolderFromListLocationPathSpecialUpperwcslen
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3085956889-0
                                                                                                                                                                                                      • Opcode ID: 1d1eedf09a2ea40eb979802d2cac931e19fbb35f4f805f8c3b0d4206865ba8de
                                                                                                                                                                                                      • Instruction ID: ed15cdf679d2123bb3d7e2d5eb2ed5f06eea7acc14f464929505c26da578fb08
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 1d1eedf09a2ea40eb979802d2cac931e19fbb35f4f805f8c3b0d4206865ba8de
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7D112EB2204201AFD701EB61EC81D6B77EDFF44314F40842EF688C6221E7789C909BAA
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00406176 Relevance: 3.1, APIs: 2, Instructions: 56COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 004299B0: RtlAllocateHeap.NTDLL(024D0000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299D6
                                                                                                                                                                                                      • SHGetSpecialFolderLocation.SHELL32(00000000,0000001A,00000000,00000000,00000104,00000000,00000000,00000000,00000000,0040987D,00000000,00000001,00000000,00000000,00000000,?), ref: 004061B4
                                                                                                                                                                                                      • SHGetPathFromIDListW.SHELL32(?,00000000), ref: 004061C1
                                                                                                                                                                                                        • Part of subcall function 00429950: wcslen.MSVCRT ref: 00429963
                                                                                                                                                                                                        • Part of subcall function 004299B0: HeapReAlloc.KERNEL32(024D0000,00000000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299F9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Heap$AllocAllocateFolderFromListLocationPathSpecialwcslen
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1484742105-0
                                                                                                                                                                                                      • Opcode ID: bae9bc9d1300abcf6ba3a22001abf7d31942c0730a7f4307e060655ca416ac52
                                                                                                                                                                                                      • Instruction ID: 7d4a24b2285f0c827129a8d82053b3c571bc0fcaa59b4c930afaed95f560345f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bae9bc9d1300abcf6ba3a22001abf7d31942c0730a7f4307e060655ca416ac52
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 02112EF1604211AFD715EB51FC42A2A77ACFB54314F44882FF284C6261D7B89C80CBAA
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00406259 Relevance: 3.1, APIs: 2, Instructions: 56COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 004299B0: RtlAllocateHeap.NTDLL(024D0000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299D6
                                                                                                                                                                                                      • SHGetSpecialFolderLocation.SHELL32(00000000,00000023,00000000,00000000,00000104,00000000,00000000,00000000,00000000,004098C2,00000000,00000001,00000000,00000000,00000000,?), ref: 00406297
                                                                                                                                                                                                      • SHGetPathFromIDListW.SHELL32(?,00000000), ref: 004062A4
                                                                                                                                                                                                        • Part of subcall function 00429950: wcslen.MSVCRT ref: 00429963
                                                                                                                                                                                                        • Part of subcall function 004299B0: HeapReAlloc.KERNEL32(024D0000,00000000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299F9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Heap$AllocAllocateFolderFromListLocationPathSpecialwcslen
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1484742105-0
                                                                                                                                                                                                      • Opcode ID: 3de4f274a48d160ac856e7c186ab54c2cc5f0b7484ba69ec15588cdf22c91ad1
                                                                                                                                                                                                      • Instruction ID: 88be309fe31ecc67859f6bb57e244dfe8977bad481acc6ddc67cdf333e52502d
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3de4f274a48d160ac856e7c186ab54c2cc5f0b7484ba69ec15588cdf22c91ad1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: CA112EF1604211AFE715EB51FC42E2A77ADEB44318F44842FF644C6261D7B89C94CBAA
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040641F Relevance: 3.1, APIs: 2, Instructions: 56COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 004299B0: RtlAllocateHeap.NTDLL(024D0000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299D6
                                                                                                                                                                                                      • SHGetSpecialFolderLocation.SHELL32(00000000,00000019,00000000,00000000,00000104,00000000,00000000,00000000,00000000,00409838,00000000,00000001,00000000,00000000,00000000,?), ref: 0040645D
                                                                                                                                                                                                      • SHGetPathFromIDListW.SHELL32(?,00000000), ref: 0040646A
                                                                                                                                                                                                        • Part of subcall function 00429950: wcslen.MSVCRT ref: 00429963
                                                                                                                                                                                                        • Part of subcall function 004299B0: HeapReAlloc.KERNEL32(024D0000,00000000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299F9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Heap$AllocAllocateFolderFromListLocationPathSpecialwcslen
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1484742105-0
                                                                                                                                                                                                      • Opcode ID: fb1b13b9b89d9fba1ce083ce22914e2ddae8abaf57d57f0b9f57eec2ea059d95
                                                                                                                                                                                                      • Instruction ID: 1a1fa6e01ccacee007ee15739fca046c9e028d866da00ddea5ed35547f5d6c72
                                                                                                                                                                                                      • Opcode Fuzzy Hash: fb1b13b9b89d9fba1ce083ce22914e2ddae8abaf57d57f0b9f57eec2ea059d95
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E1111CF1604211AFD715EB51FC42A2A77ACEB44314F44842EF254C6262D7B89C84DBAE
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004066C8 Relevance: 3.1, APIs: 2, Instructions: 56COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 004299B0: RtlAllocateHeap.NTDLL(024D0000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299D6
                                                                                                                                                                                                      • SHGetSpecialFolderLocation.SHELL32(00000000,00000005,00000000,00000000,00000104,00000000,00000000,00000000,00000000,0040969A,00000000,00000001,00000000,00000000,00000000,?), ref: 00406706
                                                                                                                                                                                                      • SHGetPathFromIDListW.SHELL32(?,00000000), ref: 00406713
                                                                                                                                                                                                        • Part of subcall function 00429950: wcslen.MSVCRT ref: 00429963
                                                                                                                                                                                                        • Part of subcall function 004299B0: HeapReAlloc.KERNEL32(024D0000,00000000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299F9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Heap$AllocAllocateFolderFromListLocationPathSpecialwcslen
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1484742105-0
                                                                                                                                                                                                      • Opcode ID: 93136bf729aae372259bd5b3791a856a36cc202c85b50d9cdb5d51c6361e520d
                                                                                                                                                                                                      • Instruction ID: 71c45b7fbf61636053186e55a823707644f994862d0f791ab36289eadf702b86
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 93136bf729aae372259bd5b3791a856a36cc202c85b50d9cdb5d51c6361e520d
                                                                                                                                                                                                      • Instruction Fuzzy Hash: AC112EF1604211AFD715EB51EC42E2A77ACEB44314F44842FF244C6261E7B89C80CFAA
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004067AB Relevance: 3.1, APIs: 2, Instructions: 56COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 004299B0: RtlAllocateHeap.NTDLL(024D0000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299D6
                                                                                                                                                                                                      • SHGetSpecialFolderLocation.SHELL32(00000000,0000002E,00000000,00000000,00000104,00000000,00000000,00000000,00000000,004096DF,00000000,00000001,00000000,00000000,00000000,?), ref: 004067E9
                                                                                                                                                                                                      • SHGetPathFromIDListW.SHELL32(?,00000000), ref: 004067F6
                                                                                                                                                                                                        • Part of subcall function 00429950: wcslen.MSVCRT ref: 00429963
                                                                                                                                                                                                        • Part of subcall function 004299B0: HeapReAlloc.KERNEL32(024D0000,00000000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299F9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Heap$AllocAllocateFolderFromListLocationPathSpecialwcslen
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1484742105-0
                                                                                                                                                                                                      • Opcode ID: 46aea6bc3a85f16bcbaf90a74766d4fb977f5f9522373db905cb7329af12103b
                                                                                                                                                                                                      • Instruction ID: 13bb68f7f9583b8e9a12a99c652f1113855c79a213c16394ec41abe0dac14e52
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 46aea6bc3a85f16bcbaf90a74766d4fb977f5f9522373db905cb7329af12103b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 98112EF1604211AFD715EB51FC42A2A77ADEB44314F44842FF284D6261D7B89C80CBAA
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0040688E Relevance: 3.1, APIs: 2, Instructions: 56COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 004299B0: RtlAllocateHeap.NTDLL(024D0000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299D6
                                                                                                                                                                                                      • SHGetSpecialFolderLocation.SHELL32(00000000,00000014,00000000,00000000,00000104,00000000,00000000,00000000,00000000,004097AE,00000000,00000001,00000000,00000000,00000000,?), ref: 004068CC
                                                                                                                                                                                                      • SHGetPathFromIDListW.SHELL32(?,00000000), ref: 004068D9
                                                                                                                                                                                                        • Part of subcall function 00429950: wcslen.MSVCRT ref: 00429963
                                                                                                                                                                                                        • Part of subcall function 004299B0: HeapReAlloc.KERNEL32(024D0000,00000000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299F9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Heap$AllocAllocateFolderFromListLocationPathSpecialwcslen
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1484742105-0
                                                                                                                                                                                                      • Opcode ID: 2cc0a3716ec88ae72fceea1393f1ae889f140b90b78bad05adf2ce1c66c9750e
                                                                                                                                                                                                      • Instruction ID: 333536221f4685485911f6dbd60b646dcb6e7564056d3c903693a371a8964fc8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 2cc0a3716ec88ae72fceea1393f1ae889f140b90b78bad05adf2ce1c66c9750e
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5F112BF1604211AFD715EB51FC42A2A77ACEB44314F44842FF284DA261E7B89C81CBAE
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00406A48 Relevance: 3.1, APIs: 2, Instructions: 56COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 004299B0: RtlAllocateHeap.NTDLL(024D0000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299D6
                                                                                                                                                                                                      • SHGetSpecialFolderLocation.SHELL32(00000000,00000002,00000000,00000000,00000104,00000000,00000000,00000000,00000000,00409724,00000000,00000001,00000000,00000000,00000000,?), ref: 00406A86
                                                                                                                                                                                                      • SHGetPathFromIDListW.SHELL32(?,00000000), ref: 00406A93
                                                                                                                                                                                                        • Part of subcall function 00429950: wcslen.MSVCRT ref: 00429963
                                                                                                                                                                                                        • Part of subcall function 004299B0: HeapReAlloc.KERNEL32(024D0000,00000000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299F9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Heap$AllocAllocateFolderFromListLocationPathSpecialwcslen
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1484742105-0
                                                                                                                                                                                                      • Opcode ID: b40a564332300a2d5bc3d97d487b93cea9300b33b2f76f3e95258608cd2d4612
                                                                                                                                                                                                      • Instruction ID: d1aba9edbdf58202fe00d84abec600271f86aa59a86cccccd060064d815687ef
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b40a564332300a2d5bc3d97d487b93cea9300b33b2f76f3e95258608cd2d4612
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 93111CF1604211AFD715EB51EC42E2A77ACEB44314F44842EF644DA262E7B89C80DFAA
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00406B2B Relevance: 3.1, APIs: 2, Instructions: 56COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 004299B0: RtlAllocateHeap.NTDLL(024D0000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299D6
                                                                                                                                                                                                      • SHGetSpecialFolderLocation.SHELL32(00000000,00000017,00000000,00000000,00000104,00000000,00000000,00000000,00000000,00409769,00000000,00000001,00000000,00000000,00000000,?), ref: 00406B69
                                                                                                                                                                                                      • SHGetPathFromIDListW.SHELL32(?,00000000), ref: 00406B76
                                                                                                                                                                                                        • Part of subcall function 00429950: wcslen.MSVCRT ref: 00429963
                                                                                                                                                                                                        • Part of subcall function 004299B0: HeapReAlloc.KERNEL32(024D0000,00000000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299F9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Heap$AllocAllocateFolderFromListLocationPathSpecialwcslen
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1484742105-0
                                                                                                                                                                                                      • Opcode ID: bc1db2b47629e466ff3c284932856ea890d0aaa96a7ed5d11d5733048e6f6fd7
                                                                                                                                                                                                      • Instruction ID: c172052b48f065783de00584a35e5bf44f518247813ac871aae00fb687b90d73
                                                                                                                                                                                                      • Opcode Fuzzy Hash: bc1db2b47629e466ff3c284932856ea890d0aaa96a7ed5d11d5733048e6f6fd7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 6E1121F1604211AFD715EB51FC42A2A77ACEB44314F54842FF284CA261E7B89C80DBAA
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00406C0E Relevance: 3.1, APIs: 2, Instructions: 56COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 004299B0: RtlAllocateHeap.NTDLL(024D0000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299D6
                                                                                                                                                                                                      • SHGetSpecialFolderLocation.SHELL32(00000000,00000007,00000000,00000000,00000104,00000000,00000000,00000000,00000000,00409610,00000000,00000001,00000000,00000000,00000000,?), ref: 00406C4C
                                                                                                                                                                                                      • SHGetPathFromIDListW.SHELL32(?,00000000), ref: 00406C59
                                                                                                                                                                                                        • Part of subcall function 00429950: wcslen.MSVCRT ref: 00429963
                                                                                                                                                                                                        • Part of subcall function 004299B0: HeapReAlloc.KERNEL32(024D0000,00000000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299F9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Heap$AllocAllocateFolderFromListLocationPathSpecialwcslen
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1484742105-0
                                                                                                                                                                                                      • Opcode ID: b4a34c905d5839950ed43e5ad51efe15c9bd2a0298994052dc6e4608ad16a0db
                                                                                                                                                                                                      • Instruction ID: 47c18dc2ff13017dda123d593325e9589050ea94d9104a24cf76f019533fad54
                                                                                                                                                                                                      • Opcode Fuzzy Hash: b4a34c905d5839950ed43e5ad51efe15c9bd2a0298994052dc6e4608ad16a0db
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 15112EF1604211AFE715EB51FC42A2A77ACFB44314F44842FF284C6261D7B89C80CBAE
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00427A6C Relevance: 3.1, APIs: 2, Instructions: 52memoryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(00000000,00000034,?,?,?,0041CA17,00000074,00000000,00000000,00000007,00401080,00000000,00001000,00000000,00000000), ref: 00427A7F
                                                                                                                                                                                                      • HeapAlloc.KERNEL32(00401080,00000008,?,?,?,0041CA17,00000074,00000000,00000000,00000007,00401080,00000000,00001000,00000000,00000000), ref: 00427A94
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Heap$AllocAllocate
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2177240990-0
                                                                                                                                                                                                      • Opcode ID: 83e9df985fceff659173c6c81a1f9e9f0c7baf2ace3725a45c789c6094348af7
                                                                                                                                                                                                      • Instruction ID: 4a78dfe98a3a4cfade302f6977abac0f1efaa5ddf1f96b5d890e43c2b63c38e5
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 83e9df985fceff659173c6c81a1f9e9f0c7baf2ace3725a45c789c6094348af7
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 471128B1244B409FC360CF2AD981B07FBF4BB98714F50492EE18A97A91D7B4B414CB5A
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004299B0 Relevance: 3.0, APIs: 2, Instructions: 46memoryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(024D0000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299D6
                                                                                                                                                                                                      • HeapReAlloc.KERNEL32(024D0000,00000000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299F9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Heap$AllocAllocate
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2177240990-0
                                                                                                                                                                                                      • Opcode ID: 35d8b24dc5a44f58801913d2834ca9b18c3b9b2a4c4d39a09df6fb656593825a
                                                                                                                                                                                                      • Instruction ID: 36c1da3cd3aee3458b78e3f0ca0cd9c4f1bd9e8ebc4d9d4d9ac431e88177dabd
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 35d8b24dc5a44f58801913d2834ca9b18c3b9b2a4c4d39a09df6fb656593825a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1311DBB4600208EFC700CF68E881E5A77BAFB89355F10C159F9598B354E775AD41CB99
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0041B430 Relevance: 3.0, APIs: 2, Instructions: 32memoryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • FindCloseChangeNotification.KERNELBASE(00000000,021A1000,?,?,?,004013C1,00000000,00000001,00000000), ref: 0041B46F
                                                                                                                                                                                                        • Part of subcall function 0041B3F0: WriteFile.KERNELBASE(00000000,?,?,00000000,00000000,00000000,?,0041B671,00000000,021A1000,00000000,?,?,?,00401271,00000000), ref: 0041B415
                                                                                                                                                                                                      • RtlFreeHeap.NTDLL(021A0000,00000000,?,00000000,021A1000,?,?,?,004013C1,00000000,00000001,00000000), ref: 0041B466
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ChangeCloseFileFindFreeHeapNotificationWrite
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3807821158-0
                                                                                                                                                                                                      • Opcode ID: 897af249c0bbbc47a9008fb4b3e364f102ca16508c7efd81c5e13b083661b3c3
                                                                                                                                                                                                      • Instruction ID: 6abd8a0181aab8a43d46853b8c31cfd3615734ccfe63a3ea3176dc8880bfdacc
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 897af249c0bbbc47a9008fb4b3e364f102ca16508c7efd81c5e13b083661b3c3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 23F0E9716011106BC720A799EC48E5B77ACDBC4710B00851EF841532A1D7B89C41CBAE
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00424279 Relevance: 3.0, APIs: 2, Instructions: 19windowCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                        • Part of subcall function 00427F4B: HeapAlloc.KERNEL32(00000008,00000020,?,?,0042774D,00000004,00000010,00427698,00401058,00000000,00001000,00000000,00000000), ref: 00427F5D
                                                                                                                                                                                                        • Part of subcall function 00427F4B: HeapAlloc.KERNEL32(00000008,00000000,?,?,0042774D,00000004,00000010,00427698,00401058,00000000,00001000,00000000), ref: 00427F88
                                                                                                                                                                                                        • Part of subcall function 00428040: HeapAlloc.KERNEL32(00000008,00000000,?,00427760,0000000C,00000000,004276F3,00000004,00000010,00427698,00401058,00000000,00001000,00000000,00000000), ref: 0042804D
                                                                                                                                                                                                      • LoadIconW.USER32(00000001,00000048), ref: 004242A7
                                                                                                                                                                                                      • LoadCursorW.USER32(00000000,00007F00), ref: 004242B9
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocHeap$Load$CursorIcon
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3203760603-0
                                                                                                                                                                                                      • Opcode ID: 3e7671e6059e9513914cc96bcbb6d3731f77f53445d0a35a0571d3a3f7819634
                                                                                                                                                                                                      • Instruction ID: f6eff97f1c709329d8ff0ab2af4692c6578e1259bf17592764787a12c05246a3
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3e7671e6059e9513914cc96bcbb6d3731f77f53445d0a35a0571d3a3f7819634
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C2E0BFB4FC5310AADB119BB17C6BB143A65A708F05F5044BBF640BA1E1FAF960509B0E
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004298D0 Relevance: 3.0, APIs: 2, Instructions: 18memoryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • HeapCreate.KERNELBASE(00000000,00001000,00000000,?,0040104E,00000000,00001000,00000000,00000000), ref: 004298DC
                                                                                                                                                                                                      • HeapAlloc.KERNEL32(024D0000,00000000,00004208,?,0040104E,00000000,00001000,00000000,00000000), ref: 0042990A
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Heap$AllocCreate
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2618940340-0
                                                                                                                                                                                                      • Opcode ID: 221460677593f9061977f49b16748dea5dbd43a04af66006ab83660779b3d354
                                                                                                                                                                                                      • Instruction ID: 586b6477f139f66befdc879a9c78d77415b9c120320476c2819c46468397cb0b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 221460677593f9061977f49b16748dea5dbd43a04af66006ab83660779b3d354
                                                                                                                                                                                                      • Instruction Fuzzy Hash: C3E0B6B0181344ABE300DFA1FC95B213BA8F308701F008029FA458A3E0E7F254848FAE
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00429920 Relevance: 3.0, APIs: 2, Instructions: 13memoryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • HeapFree.KERNEL32(024D0000,00000000,024D05D0,?,0040482D,00000000,Error,Setup Error!,00000010,00000000,00000000,00000000,0046AFD4,0046AFD0,00000000,00000000), ref: 00429932
                                                                                                                                                                                                      • HeapDestroy.KERNELBASE(024D0000,?,0040482D,00000000,Error,Setup Error!,00000010,00000000,00000000,00000000,0046AFD4,0046AFD0,00000000,00000000,00000000,00000000), ref: 0042993F
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: Heap$DestroyFree
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2061148462-0
                                                                                                                                                                                                      • Opcode ID: e0cfd02c9fda5d7d981f4ea9cec3dfbac6d6d3779556e713eede1efe1f7180e3
                                                                                                                                                                                                      • Instruction ID: 93a63eddd6d778fd148805a9662fc1bc5fb15c3def77a8ae2af8f6cc3d98cfdf
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e0cfd02c9fda5d7d981f4ea9cec3dfbac6d6d3779556e713eede1efe1f7180e3
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 65D0C9B21406049BD604ABA4FC84E6637ACA34C701F00C025FA0542360EAF2A8408B6E
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004241FB Relevance: 2.5, APIs: 2, Instructions: 25memoryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,00000000,?,?,0040488D,00404828,00000000,Error,Setup Error!,00000010,00000000,00000000,00000000,0046AFD4,0046AFD0,00000000), ref: 00424232
                                                                                                                                                                                                      • HeapFree.KERNEL32(00000000,?,?,?,0040488D,00404828,00000000,Error,Setup Error!,00000010,00000000,00000000,00000000,0046AFD4,0046AFD0,00000000), ref: 0042423F
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FreeHeap
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3298025750-0
                                                                                                                                                                                                      • Opcode ID: 751035648aa5ab155d3877d49b310aae271599609d6165f7cea2a0dce6008a29
                                                                                                                                                                                                      • Instruction ID: f3a659fc2d838a8713ca74972d65449b1acaf2411313cf7deed3883d21b92e38
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 751035648aa5ab155d3877d49b310aae271599609d6165f7cea2a0dce6008a29
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 87E0ED31701120ABDB215B66FC01F2A7B69EB50790F4100B6F900A6174E6A5E820DBAA
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004072C6 Relevance: 1.5, APIs: 1, Instructions: 43windowCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SendMessageW.USER32(?,00000449,?,00000000), ref: 00407320
                                                                                                                                                                                                        • Part of subcall function 0041B430: RtlFreeHeap.NTDLL(021A0000,00000000,?,00000000,021A1000,?,?,?,004013C1,00000000,00000001,00000000), ref: 0041B466
                                                                                                                                                                                                        • Part of subcall function 0041B430: FindCloseChangeNotification.KERNELBASE(00000000,021A1000,?,?,?,004013C1,00000000,00000001,00000000), ref: 0041B46F
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ChangeCloseFindFreeHeapMessageNotificationSend
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1776103676-0
                                                                                                                                                                                                      • Opcode ID: c56e20f8c7b32fd87014468dc46684a52f155bb0e27c3105d7a0901b3188ee3c
                                                                                                                                                                                                      • Instruction ID: b5a99b15929bdc8331d0d6a0ebd76d0ef305f321afd90ea148f0cdaf44abd2d0
                                                                                                                                                                                                      • Opcode Fuzzy Hash: c56e20f8c7b32fd87014468dc46684a52f155bb0e27c3105d7a0901b3188ee3c
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 5E012C71108248FFE710EF14CC41FAFB7A8FB08318F50862AF899961A1D735AE54EB56
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0041B6A0 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SetFilePointer.KERNELBASE(?,?,?,00000000,021A1000,?,?,0040128A,00000000), ref: 0041B6E1
                                                                                                                                                                                                        • Part of subcall function 0041B3F0: WriteFile.KERNELBASE(00000000,?,?,00000000,00000000,00000000,?,0041B671,00000000,021A1000,00000000,?,?,?,00401271,00000000), ref: 0041B415
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: File$PointerWrite
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 539440098-0
                                                                                                                                                                                                      • Opcode ID: e7e32c98e37f9d04117ad91c354dbfad0267fcab7ef5d2df0e598f8231b29ad2
                                                                                                                                                                                                      • Instruction ID: a0b2b9cad98a1670fa82f977ecc321190b2cc2a04679cfbdc0602d5b8ad39b60
                                                                                                                                                                                                      • Opcode Fuzzy Hash: e7e32c98e37f9d04117ad91c354dbfad0267fcab7ef5d2df0e598f8231b29ad2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 7AE0C971105710AFD724DF55D854FABB7E8EB84B14F00C90EF88546641D7B9EC44CBAA
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0041B3F0 Relevance: 1.5, APIs: 1, Instructions: 24fileCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • WriteFile.KERNELBASE(00000000,?,?,00000000,00000000,00000000,?,0041B671,00000000,021A1000,00000000,?,?,?,00401271,00000000), ref: 0041B415
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: FileWrite
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3934441357-0
                                                                                                                                                                                                      • Opcode ID: cb52e1734a561d96ce3c9f8dea2d8f5f1be392f7e988f307c6cfd73ca2173b29
                                                                                                                                                                                                      • Instruction ID: cfc3ef3abe4ace976f36a81e123d29923dbc5a2c1bbba71bfa5a2bbf1a9e31ca
                                                                                                                                                                                                      • Opcode Fuzzy Hash: cb52e1734a561d96ce3c9f8dea2d8f5f1be392f7e988f307c6cfd73ca2173b29
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 23E0AEB6504700AFC324CF68D948C67B7E8EB88610B00CA2EE49B83A00E670F840CBA1
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00404952 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SetupIterateCabinetW.SETUPAPI(?,00000000,00000000,00000000), ref: 00404985
                                                                                                                                                                                                        • Part of subcall function 00429A70: HeapFree.KERNEL32(024D0000,00000000,00000000,00000004,?,?,0040A058,?,00001008,00401080,?,00001000,?,EBA9E800,00427D02,00001008), ref: 00429A88
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CabinetFreeHeapIterateSetup
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2752172957-0
                                                                                                                                                                                                      • Opcode ID: 8adccb587d8f9f9fa73344fb244c5873bf9ba4bcf969a1d55aab789c80515c16
                                                                                                                                                                                                      • Instruction ID: 13938370e49880db7dc9028a7542cfe5df055d2277e2a4862b5c6860b87247da
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8adccb587d8f9f9fa73344fb244c5873bf9ba4bcf969a1d55aab789c80515c16
                                                                                                                                                                                                      • Instruction Fuzzy Hash: B0E0C971108215AFC601EB61D952E6FB3A9EB94708F00882EF58592151DA359C15DB5B
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00427766 Relevance: 1.5, APIs: 1, Instructions: 22libraryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • LoadLibraryW.KERNELBASE(00000000,00001000,?,?,0041CB5B,FFFFFFFF,UxTheme.dll,00000000,00000000,0041CB18,00000008,00000000,00000000,00000007,00000018,00000000), ref: 00427785
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: LibraryLoad
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1029625771-0
                                                                                                                                                                                                      • Opcode ID: 658869a353c9d26645961156cdd54d2dbff233a0aee83849f1a12eb8ec2c901b
                                                                                                                                                                                                      • Instruction ID: 42758c154f9ef456e5dc99ed17f38567165ae2a5027a2348c7d592c57e78b7ed
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 658869a353c9d26645961156cdd54d2dbff233a0aee83849f1a12eb8ec2c901b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 42E0483160A371DB8B315B29AC0440BFBE5EBD07717464627F4A453261C7748C51CBEA
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00420C50 Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SetWindowTextW.USER32(00000000,?), ref: 00420C83
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: TextWindow
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 530164218-0
                                                                                                                                                                                                      • Opcode ID: 99a8ac1963a4c29df49b57a75893e82dc80888c2d7ba1369d7e4bb049c3381f5
                                                                                                                                                                                                      • Instruction ID: 4883f717ad03afa1b70d14508a056812c002e4108a943db761da5725105f783e
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 99a8ac1963a4c29df49b57a75893e82dc80888c2d7ba1369d7e4bb049c3381f5
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 12E0DF75A01230DF9B2E5B22F80886B77E9BF40710B0981AEE80067325DB75DC01C79D
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00421BC5 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CallWindowProcW.USER32(?,00000008,?,?), ref: 00421BFA
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CallProcWindow
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2714655100-0
                                                                                                                                                                                                      • Opcode ID: 0ae53c13fdd9160a4d12fbd52b8d01040b0d8e93e3726a0d35a8ed284a9c904b
                                                                                                                                                                                                      • Instruction ID: 20cecf23ee91380338ad2312598f1385f25b7f31d0c3c4015205ea465f801c55
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0ae53c13fdd9160a4d12fbd52b8d01040b0d8e93e3726a0d35a8ed284a9c904b
                                                                                                                                                                                                      • Instruction Fuzzy Hash: A2E01A31200118FBCF024F81EC05C9A3F75BB24311F80C426FA0958170D376A6B4EF49
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00420BAE Relevance: 1.5, APIs: 1, Instructions: 13COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • KiUserCallbackDispatcher.NTDLL(00000000,00000001), ref: 00420BD0
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CallbackDispatcherUser
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2492992576-0
                                                                                                                                                                                                      • Opcode ID: 666ff35aa4ae0f6827248eeacba264c0986c18a03534e42af37ef6bdc52c9148
                                                                                                                                                                                                      • Instruction ID: 7e6058a06ad4f39805c1677079c6ac64e81de5b25898c7c8a12c501e9b8f229f
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 666ff35aa4ae0f6827248eeacba264c0986c18a03534e42af37ef6bdc52c9148
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E3D05230204310EADF612B90ED04B16BEA2BB60B08F40802BF540500F2E6B9A894EA0A
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0041C4BF Relevance: 1.5, APIs: 1, Instructions: 12fileCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • CopyFileW.KERNELBASE(0000001E,0000001E,00000000,00404FBB,00000001,00000001,00440B26,0045DF26,00000001,00000000,00000000,0000001E,00000000,00000000,IF_SERIAL,00000057), ref: 0041C4D6
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CopyFile
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1304948518-0
                                                                                                                                                                                                      • Opcode ID: 46a90c857a42a2d9a60485eb62fed2dca2e398dfa45895d4d52c494b46138dbc
                                                                                                                                                                                                      • Instruction ID: 5ac3735121d5d68138c67bbe88e84f5dddcf707323a531c85544ab12fab181b7
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 46a90c857a42a2d9a60485eb62fed2dca2e398dfa45895d4d52c494b46138dbc
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 1AD0C93118C201FE8B206A208D9487BB7E6AB90341F10C83BB495C0820E734C890FB26
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0041C720 Relevance: 1.5, APIs: 1, Instructions: 11memoryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • RtlAllocateHeap.NTDLL(02280000,00000008,00000000,00409AA5,00000001,?,00000000,00000000,00000007,0040341A,00000057,00000000,00000000,00000000,00000000,00000000), ref: 0041C731
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: AllocateHeap
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1279760036-0
                                                                                                                                                                                                      • Opcode ID: 0e8d687cebcaadad76cd0358ab17b342ff55774f2bd3a2615efeb465b4d5616a
                                                                                                                                                                                                      • Instruction ID: b5b63cc5849691dd6159a6485232acef874d9acdf93aa034447c397ea4bd3f45
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 0e8d687cebcaadad76cd0358ab17b342ff55774f2bd3a2615efeb465b4d5616a
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 37C04CB1B402416BD750DBB89E8AF1772DC7B74706F00C836B656D7154EBB4D810DB29
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004153E0 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: fread
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1766058891-0
                                                                                                                                                                                                      • Opcode ID: f327cb2a9ccf14fd5ef3e0c62aeec2fbef7b02a8d735c08fb3130a95cefaa6a6
                                                                                                                                                                                                      • Instruction ID: 2cf5e5cf8839d515da2853482da2de940c6da2a5fea5a4f6f51e888bcf47461b
                                                                                                                                                                                                      • Opcode Fuzzy Hash: f327cb2a9ccf14fd5ef3e0c62aeec2fbef7b02a8d735c08fb3130a95cefaa6a6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 48C04CB96143017FE604DB54C8D2D3B73AAEBC8750F808D4CB99846251D675E8548662
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00423451 Relevance: 1.5, APIs: 1, Instructions: 8COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • DestroyWindow.USER32(00000000,?), ref: 00423466
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DestroyWindow
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3375834691-0
                                                                                                                                                                                                      • Opcode ID: 7cca3b27a5da89e8718106ccf9efe0199dfe9490956044a5cb07223610c638e6
                                                                                                                                                                                                      • Instruction ID: c061c2067314b3f95cc6d19461152a140ddbf0bee0631a3459794a47d1df82b4
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 7cca3b27a5da89e8718106ccf9efe0199dfe9490956044a5cb07223610c638e6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 84C04C716042109A8B026F51EE048167B66BB60705B4140B6E54541075EB759D20EE2E
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004220DC Relevance: 1.5, APIs: 1, Instructions: 7windowCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • SendMessageW.USER32(?,00000402,?,00000000), ref: 004220ED
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: MessageSend
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3850602802-0
                                                                                                                                                                                                      • Opcode ID: 27d05f580c920ce27a900331f7f4873fe04bcbc28822ad4b6d0ccbe2947d71f6
                                                                                                                                                                                                      • Instruction ID: cfebb8c4d9f42bdfa07a42995a320e485c7d2ff7f59f91fdc761c799cfa77c19
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 27d05f580c920ce27a900331f7f4873fe04bcbc28822ad4b6d0ccbe2947d71f6
                                                                                                                                                                                                      • Instruction Fuzzy Hash: ACC04836244200BFDA019B80CE4AF0ABBA1AB94B00F00C414B384690A086F19824EB0A
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0041C580 Relevance: 1.5, APIs: 1, Instructions: 6memoryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • HeapCreate.KERNELBASE(00000000,00001000,00000000,00401085,00000000,00001000,00000000,00000000), ref: 0041C589
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: CreateHeap
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 10892065-0
                                                                                                                                                                                                      • Opcode ID: efba2aae8ff84868cfdc71735d32aaaff6644ad04aa3c67d53b7f1535ea8c071
                                                                                                                                                                                                      • Instruction ID: 7924084de5102533168eca91d8afb4cb488f3991556f120df7b37647b7f7fe99
                                                                                                                                                                                                      • Opcode Fuzzy Hash: efba2aae8ff84868cfdc71735d32aaaff6644ad04aa3c67d53b7f1535ea8c071
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 16B012F068538056E3110B505D46B1036506344B43F100067F640592D4E7F010044B0E
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00415420 Relevance: 1.5, APIs: 1, Instructions: 5COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: ftell
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 4150084136-0
                                                                                                                                                                                                      • Opcode ID: 3269e4d6c07d7d802b4a9af4c4e0b51b9df9e0be2daa13651f52e37853aa5dfd
                                                                                                                                                                                                      • Instruction ID: cf608cb0ffe393b4fe4ab77ab1278bb109e3fd871a38a2e7f0c55e3c8d3ae144
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 3269e4d6c07d7d802b4a9af4c4e0b51b9df9e0be2daa13651f52e37853aa5dfd
                                                                                                                                                                                                      • Instruction Fuzzy Hash: BEA022EAC0030023C800A2E0E882C0F328C3A88200FC00828B08882030E23CE008823B
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 004154A0 Relevance: 1.5, APIs: 1, Instructions: 5COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: fclose
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 3125558077-0
                                                                                                                                                                                                      • Opcode ID: 8832e816e3e9780bfa8dd92a134b0cf0c2dd5fa6bcae1fc0aac3172a8150b1d1
                                                                                                                                                                                                      • Instruction ID: 85c239afa633d8ed51c36d5b7851f19dd8e18a75a5ef14089c13e07c28dda7a8
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 8832e816e3e9780bfa8dd92a134b0cf0c2dd5fa6bcae1fc0aac3172a8150b1d1
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 06A024F5C0010013D5045150D40140771541544504FC04414750441010F03DD04CC107
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 0041C5A0 Relevance: 1.5, APIs: 1, Instructions: 4memoryCOMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      • HeapDestroy.KERNELBASE(02280000,004048A1,00404828,00000000,Error,Setup Error!,00000010,00000000,00000000,00000000,0046AFD4,0046AFD0,00000000,00000000,00000000,00000000), ref: 0041C5A6
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: DestroyHeap
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2435110975-0
                                                                                                                                                                                                      • Opcode ID: cb69d0d83d27af621838d040b363139eacc435a6e180e680e489e406d3c5faa2
                                                                                                                                                                                                      • Instruction ID: 1b500a20cb8840cd224ce718cfbd3e7538084417c7d758ad5acfc50083791b03
                                                                                                                                                                                                      • Opcode Fuzzy Hash: cb69d0d83d27af621838d040b363139eacc435a6e180e680e489e406d3c5faa2
                                                                                                                                                                                                      • Instruction Fuzzy Hash: ABA002F1D015809BCF05DBE5EEDCD65776CB74430630814ABF541C2121E6F49848CB1A
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00431900 Relevance: 1.3, APIs: 1, Instructions: 5COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: malloc
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 2803490479-0
                                                                                                                                                                                                      • Opcode ID: 4dede192f28fc955a0fd90a7b8e248aabbd5e486a4965c51e0ede6b6b0c13204
                                                                                                                                                                                                      • Instruction ID: 95c32b0095bc2cda5f02e30766055fda6a1b49e4c83ff0515c45b5e548b35247
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 4dede192f28fc955a0fd90a7b8e248aabbd5e486a4965c51e0ede6b6b0c13204
                                                                                                                                                                                                      • Instruction Fuzzy Hash: E4A012F490010057D6004B54E848406365C7A40200B800424F00581120D174D418C60B
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%

                                                                                                                                                                                                      Function 00416A20 Relevance: 1.3, APIs: 1, Instructions: 5COMMON
                                                                                                                                                                                                      Download Yara Rule
                                                                                                                                                                                                      APIs
                                                                                                                                                                                                      Memory Dump Source
                                                                                                                                                                                                      • Source File: 00000008.00000002.2297949544.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                      • Associated: 00000008.00000002.2297198567.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298171283.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298488388.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2298808173.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299470910.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299542917.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      • Associated: 00000008.00000002.2299638207.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                      Joe Sandbox IDA Plugin
                                                                                                                                                                                                      • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                      Similarity
                                                                                                                                                                                                      • API ID: free
                                                                                                                                                                                                      • String ID:
                                                                                                                                                                                                      • API String ID: 1294909896-0
                                                                                                                                                                                                      • Opcode ID: 37b4b23e18f207398b683a564d4fa16604f4091107e7e95cef210f44c94f2603
                                                                                                                                                                                                      • Instruction ID: 238c979fcf42fb4a564b3973675ba70b792d3fc4a67049feef77c60bfbf389af
                                                                                                                                                                                                      • Opcode Fuzzy Hash: 37b4b23e18f207398b683a564d4fa16604f4091107e7e95cef210f44c94f2603
                                                                                                                                                                                                      • Instruction Fuzzy Hash: 0DA022B200020022C808A2A0C00080A33A8CA88300F20080EB20282020CB38C0808200
                                                                                                                                                                                                      Uniqueness

                                                                                                                                                                                                      Uniqueness Score: -1.00%